From: Quinn Fissler on 12 Jul 2010 08:10

If you have fixed IPs (or static DNS leases), one way round this is to
populate %SystemRoot%\system32\drivers\etc\lmhosts on the Windows client.

I look forward to seeing any other solutions here :-)

On 6 July 2010 13:07, <jpb(a)oss4all.plus.com> wrote:
> Hi All,
>
> I'm having a problem with cross subnet browsing and name resolution across
> an OpenVPN tunnel. I've found quite a few people who've had the same on
> mail lists but none of their fixes have worked. The spec of the setups at
> both ends of the tunnel are as follows:
>
> OS - CentOS 5.5
> Samba Version 3.5.4
> OpenVPN Version 2.0.9-1
>
> Each server is configured in gateway mode with two NICs, one to the LAN
> and the other to a modem/router. The first machine, HEADOFFICE, has an
> internal IP address of 192.168.0.1 and an external of 192.168.10.4. The
> second machine, REMOTE1, has an internal address of 192.168.1.254 and an
> external of 192.168.20.4.
>
> On OpenVPN, I have configured client to client and routes and iroutes to
> allow machines on each network to ping machines at the other end as well
> as the server IPs.
> So far so good and I can ping any machine on either subnet from anywhere
> and get a reply. The servers are configured as Samba servers with the
> HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
> machine configured as a BDC and WINS proxy. In order to maintain logon
> facilities in the event of broadband failure, I have replicated the LDAP
> server from HEADOFFICE to REMOTE1 and updates and password changes
> propagate successfully from one site to the other.
>
> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
> fails on name resolution while entering \\192.168.1.254\ brings up
> Windows Explorer and a list of shares.
>
> I've included the remote browse entries in smb.conf on the PDC and have
> WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
> back to the WINS server.
> Port scanning the internal IP of each machine from the other end of the
> tunnel returns a full set of open ports for the services I'm using but no
> IP.
>
> If anyone can spot what I'm doing wrong I'd be grateful.
>
> Thanks.
>
> ################ smb.conf - HEADOFFICE ################
> ### Included 2nd subnet for second remote site in browse sync
>
> [global]
>    workgroup = NEWDOM
>    netbios name = HEADOFFICE
>    security = user
>    enable privileges = yes
>    interfaces = 192.168.0.1 127.0.0.1
>    # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
>    remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
>    remote browse sync = 192.168.1.255 192.168.2.255
>    wins support = yes
>    name resolve order = wins hosts bcast
>    username map = /etc/samba/smbusers
>    server string = Samba Server %v
>    encrypt passwords = Yes
>    ldap ssl = no
>    unix password sync = yes
>    ldap passwd sync = no
>    passwd program = /usr/sbin/smbldap-passwd -u "%u"
>    passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>
>    # public = yes
>    # browseable = yes
>    # lm announce = yes
>    # browse list = yes
>    # auto services = yes
>
>    log level = 3
>    syslog = 0
>    log file = /var/log/samba/log.%U
>    max log size = 100000
>    time server = Yes
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    mangling method = hash2
>    Dos charset = 850
>    Unix charset = ISO8859-1
>
>    local master = Yes
>    domain logons = Yes
>    domain master = Yes
>    os level = 65
>    preferred master = Yes
>    wins support = yes
>
>    passdb backend = ldapsam:ldap://127.0.0.1
>    ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>    ldap suffix = dc=newdom,dc=ldm
>    ldap group suffix = ou=Groups
>    ldap user suffix = ou=Users
>    ldap machine suffix = ou=Computers
>    ldap idmap suffix = ou=Idmap
>
>    add user script = /usr/sbin/smbldap-useradd -m "%u"
>    ldap delete dn = Yes
>    delete user script = /usr/sbin/smbldap-userdel "%u"
>    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>    #delete group script = /usr/sbin/smbldap-groupdel "%g"
>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>
> [shared]
>    comment = shared directory
>    path = /dat
>    browseable = yes
>    read only = no
>    create mask = 0660
>    directory mask = 0770
>
>
> ############ smb.conf - REMOTE1 #############################
>
> [global]
>    workgroup = NEWDOM
>    netbios name = REMOTE1
>    security = user
>    enable privileges = yes
>    interfaces = 192.168.1.254 127.0.0.1
>    # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 10.8.0.0/24 127.0.0.1
>    wins server = 192.168.0.1
>    wins proxy = yes
>    username map = /etc/samba/smbusers
>    name resolve order = wins bcast hosts
>    server string = Samba Server %v
>    encrypt passwords = Yes
>    ldap ssl = no
>    unix password sync = yes
>    ldap passwd sync = no
>    passwd program = /usr/sbin/smbldap-passwd -u "%u"
>    passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>
>    log level = 0
>    syslog = 0
>    log file = /var/log/samba/log.%U
>    max log size = 100000
>    time server = Yes
>    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>    mangling method = hash2
>    Dos charset = 850
>    Unix charset = ISO8859-1
>
>    local master = Yes
>    domain logons = Yes
>    domain master = no
>    os level = 40
>    preferred master = no
>
>    passdb backend = ldapsam:ldap://127.0.0.1
>    ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>    ldap suffix = dc=newdom,dc=ldm
>    ldap group suffix = ou=Groups
>    ldap user suffix = ou=Users
>    ldap machine suffix = ou=Computers
>    ldap idmap suffix = ou=Idmap
>
>    add user script = /usr/sbin/smbldap-useradd -m "%u"
>    ldap delete dn = Yes
>    delete user script = /usr/sbin/smbldap-userdel "%u"
>    add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>    add group script = /usr/sbin/smbldap-groupadd -p "%g"
>    delete group script = /usr/sbin/smbldap-groupdel "%g"
>    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>
> [test]
>    comment = test share
>    path = /test
>    browseable = yes
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
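
The lmhosts workaround suggested in the reply, as an added example that is not part of the original thread: it appends static NetBIOS entries for the two servers named in the post to the client's lmhosts file, skipping names that are already present, then reloads the name cache. The host names, addresses and domain come from the post; the `#PRE` and `#DOM` tags and the skip-if-present logic are assumptions about what this setup needs.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt
# on a Windows client (for the failing direction, one in the HEADOFFICE subnet).
$lmhosts = Join-Path $env:SystemRoot 'system32\drivers\etc\lmhosts'

# Names and addresses are the ones given in the post. #PRE preloads the entry
# into the NetBIOS name cache; #DOM marks a domain controller for NEWDOM.
# Both tags are assumptions, not something the posters specified.
$entries = @(
    '192.168.0.1     HEADOFFICE   #PRE #DOM:NEWDOM'
    '192.168.1.254   REMOTE1      #PRE #DOM:NEWDOM'
)

# A fresh Windows install ships only lmhosts.sam, so create the file if needed.
if (-not (Test-Path $lmhosts)) {
    New-Item -Path $lmhosts -ItemType File | Out-Null
}

$existing = @(Get-Content -Path $lmhosts)
foreach ($entry in $entries) {
    $name = ($entry -split '\s+')[1]
    # Match an uncommented "<ipv4> <name>" line; commented lines start with '#'.
    $pattern = '^\s*\d{1,3}(\.\d{1,3}){3}\s+' + [regex]::Escape($name) + '(\s|$)'
    if ($existing -match $pattern) {
        Write-Host "lmhosts already has an entry for $name; left unchanged"
        continue
    }
    Add-Content -Path $lmhosts -Value $entry -Encoding Ascii
    Write-Host "added: $entry"
}

nbtstat -R   # purge the remote NetBIOS name cache and reload #PRE entries
nbtstat -c   # list the cache; HEADOFFICE and REMOTE1 should both appear
```

The file is only consulted when "Enable LMHOSTS lookup" is ticked on the WINS tab of the adapter's advanced TCP/IP settings. Static entries bypass WINS, so they must be updated by hand if a server's address changes.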