Volume Number: 23 (2007)
Issue Number: 10
Column Tag: Windows on Mac

Demystifying Windows network browsing

A behind the scenes look at how it really works

By Joe Froehlich

If you peruse the Windows Services Administration manual for Mac OS X Server, you'll find the following statement:

"Mac OS X Server can also provide network browsing service as a workgroup master browser or a Windows domain master browser for Windows clients. A workgroup master browser enables Windows computers to discover servers on one subnet. A domain master browser enables Windows computers to discover servers across subnets."

While this statement sounds simple enough, as with most things, there's more to the story. If you have Windows clients on your Mac OS X Server-based network, it's important to understand how Windows network browsing functions. In this article, we'll give you the grand tour.

Microsoft defines two distinct network entities: workgroups and domains. Let's start with a brief description of each so we're talking the same language.

A workgroup is a logical grouping of peer-to-peer computers that facilitates sharing resources (file and printers) among its members. While there's usually a one-to-one relationship between a workgroup and a subnet, in theory at least, a subnet can host multiple workgroups, and a given workgroup can span physical subnets.

A domain (not to be confused with an Internet domain) is a logical grouping of computers for administrative and security purposes. In a domain, all computers share a common directory database of resources and security information. A domain can reside on a single subnet, or it can span multiple subnets. A domain typically consists of a domain controller, member servers, and client workstations.

On a native Windows network, the Computer Browser Service controls network browsing. On a Mac OS X Server-based network, this same service is implemented via Samba. Fundamentally, the browsing service on the respective platform is responsible for populating a client's view of the Windows network, as shown in Figure 1.

Figure 1: Browsing a Windows workgroup under Tiger and Vista

When you configure the Windows service on Mac OS X Server, your changes are reflected in the underlying /etc/smb.conf file. In Figure 2, for example, we've made our server a member of the Windows workgroup called EUROPA. In examining the [global] section of the smb.conf file, we see the following settings, which correspond to the Description, Computer Name, and Workgroup items on the General pane:

   server string = Mac OS X Server
   netbios name = osxsrv
   workgroup = EUROPA

Figure 2: The Windows service module in Mac OS X Server

When a Windows machine comes online, it broadcasts its presence--saying in effect, "Here I am and I have something to share with you". Other computers on the network are responsible for collecting the list of nodes that provide shared resources. When a client computer needs to access a shared resource, it consults the browse list (not the host directly sharing the resource) to locate the resource. Figure 3 provides an overview of this process.

The key point to remember is that, in addition to the machine providing the resource (the server) and the machine requesting the resource (the client), other machines, known as computer browsers, manage lists of available resources throughout the network.

There are several different roles a computer can assume in a Windows browsing environment. Depending on the installed operating system, a computer with the Computer Browser Service enabled can serve any of the following roles:

Master Browser. This machine collects and maintains the list of available network resources on its own subnet. The master browser fully replicates its information list with the domain master browser to obtain a complete browse list for the network, and then distributes it to backup browsers located on the same subnet.

Preferred Master Browser. This machine is a master browser that the administrator has configured manually (via a Windows registry setting) to be the favored master browser.

Domain Master Browser. This machine collects and maintains the master browse list of available resources for its domain. It also distributes and synchronizes the master browse list for master browsers on other subnets that have computers belonging to the same domain. This is the default role for a Primary Domain Controller (PDC).

Backup Browser. This machine receives a copy of the browse list from the master browser for its subnet, and then distributes it to other computers upon request. Clients that need to access a resource consult the backup browser not the master browser.

Potential Browser. This machine is capable of becoming a backup browser when and if its subnet's master browser instructs it to assume that role.

Non-browser. This machine is configured so it can't become a computer browser; as a result, it doesn't maintain a browse list. However, it can operate as a browse client, requesting browse lists from other computers operating as browsers on the same subnet.

Figure 3: Windows network browsing in action

In certain cases, computer browsers need to assume different roles. When this happens, potential browsers choose a new master browser, using a process known as an election. An election is initiated as a result any of the following events occurring:

A computer can't locate a master browser.

A preferred master browser comes online.

A Windows domain controller starts.

A backup browser can't contact a master browser to update its browse list.

The election process

Not surprisingly, a computer browser election is considerably friendlier than a political election. In short, all potential browsers present their qualifications during the election. Then, after several rounds of self-elimination (e.g. a browser disqualifies itself after encountering an opponent with higher qualifications), a single machine remains--the newly elected master browser.

Browser qualifications

There are several criteria for determining which computer browser is most qualified to win an election. In practice, the winner is usually determined by a combination of its operating system and its role on the network. In general, the more capable the operating system and the more important the machine's network role, the more likely it is to win an election. For example, an NT server running as a PDC beats a Windows 2000 Professional workstation. Likewise, all other criteria being equal, a preferred master browser beats a backup browser.

Election outcomes

The following rules determine, in the order listed, whether a browser wins an election:

If the election protocol version of the browser is greater than the election protocol version of its opponent, the browser wins. If not, the browser uses the next election criterion.

If the value of the election criteria (combined value of operating system and network role) for the browser is greater than that of its opponent, the browser wins. If not, the browser uses the next election criterion.

If the browser has been running longer than its opponent, the browser wins. If not, the browser uses the next election criterion.

If none of the above rules have determined the election, then the server with the lexically lowest name wins; e.g. a server named Alpha wins over a server named Beta.

Configuring browser roles on Mac OS X Server

While you use the Settings | General pane of the Windows service module to specify workgroup or domain membership, you use the Settings | Advanced pane, shown in Figure 4, to configure browser roles (Workgroup Master Browser and/or Domain Master Browser).

Master browser

You'll recall from our previous discussion that a master browser is responsible for collecting and maintaining browse lists on its own subnet. You must have a master browser on each subnet. This machine can be any Windows machine with the Computer Browser Service enabled, or a Mac OS X server running Samba and serving as a local master.

To configure a master browser, simply select the Workgroup Master Browser check box. In doing so, the [global] section of the smb.conf file reports the setting: local master = yes.

Figure 4: Browser role configuration

Domain master browser

The domain master browser is the master browser for the subnet in which it resides. Additionally, it propagates its browse list to the individual master browsers on each subnet in the domain. At the same time, the master browsers on each subnet distribute their browse lists to the parent domain master browser. If you have a Windows domain, regardless of whether it's on a single subnet or it spans multiple subnets, you need a domain master browser. This machine can be Windows server acting as a PDC, or a Mac OS X Server serving an equivalent role.

To configure a domain master browser, first set up Mac OS X Server as a WINS server, or register it with an existing WINS server for NetBIOS name resolution. Then, simply select the Domain Master Browser check box. In doing so, the [global] section of the smb.conf file reports the setting: domain master = yes.

Hopefully, this article has given you a better sense of how Windows network browsing works. If this article has elevated your interest in learning more about this subject, refer to the online documentation available on Samba's website at www.samba.org. In the meantime, Happy Browsing!

Joe is a seasoned technical writer and instructional designer with experience on both Windows and Mac platforms. He's a member of the Apple Consultants Network, the Microsoft Partner Program, and the IEEE Computer Society. You can reach him at froejoe@gmail.com.