Samba share not accessible from a VPN client

Prev: How can I change the order of init scripts?
Next: Help new Debian user

From: H.S. on 7 Jun 2010 18:00

---

On 07/06/10 04:27 PM, Javier Barroso wrote:
> On Mon, Jun 7, 2010 at 9:52 PM, H.S. <hs.samix(a)gmail.com> wrote:
>>
>> A little success. I commented out the following option from smb.conf and
>> now I can connect to the share from a VPN client:
>> ; interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.5.0/24
>>
>>
>> However, I can not only use "sudo smbmount ..." command to access the
>> samba share. The Network browser from Gnome still does not show the
>> share while a VPN client. The VPN client is a laptop running Ubuntu Karmic.
>>
>
> You may need to have 2 servers to do it (one replicating network map from
> master). Read in samba howto:
>
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2585378

I read the link but I need to read it again after looking up some
references in it to better understand it. However, I have one doubt that
needs to be clarified. As I described earlier, I have three separate
networks on my LAN:
wired network (192.168.0.0/24)
wireless network (192.168.5.0/24)
VPN (172.16.15.0/24)

When I start samba on the firewall machine "ROUTER" , I see the
following in its log:
*****
Samba name server ROUTER is now a local master browser for workgroup
ROUTERSMB on subnet 192.168.0.1
*****
<SNIP>
*****
Samba name server ROUTER is now a local master browser for workgroup
ROUTERSMB on subnet 192.168.5.1

*****


This leads me to two questions. If I can browse the share from both of
these networks, why can't I do so from VPN? And, on a related note, why
do only these two networks act as a local browser and why doesn't VPN
(172.16.15.0/24) also do so?



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/hujppk$iba$1(a)dough.gmane.org

From: Javier Barroso on 7 Jun 2010 18:30

---

On Mon, Jun 7, 2010 at 11:53 PM, H.S. <hs.samix(a)gmail.com> wrote:

> On 07/06/10 04:27 PM, Javier Barroso wrote:
> > On Mon, Jun 7, 2010 at 9:52 PM, H.S. <hs.samix(a)gmail.com> wrote:
> >>
> >> A little success. I commented out the following option from smb.conf and
> >> now I can connect to the share from a VPN client:
> >> ; interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.5.0/24
> >>
> >>
> >> However, I can not only use "sudo smbmount ..." command to access the
> >> samba share. The Network browser from Gnome still does not show the
> >> share while a VPN client. The VPN client is a laptop running Ubuntu
> Karmic.
> >>
> >
> > You may need to have 2 servers to do it (one replicating network map from
> > master). Read in samba howto:
> >
> >
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2585378
>
> I read the link but I need to read it again after looking up some
> references in it to better understand it. However, I have one doubt that
> needs to be clarified. As I described earlier, I have three separate
> networks on my LAN:
> wired network (192.168.0.0/24)
> wireless network (192.168.5.0/24)
> VPN (172.16.15.0/24)
>
> When I start samba on the firewall machine "ROUTER" , I see the
> following in its log:
> *****
> Samba name server ROUTER is now a local master browser for workgroup
> ROUTERSMB on subnet 192.168.0.1
> *****
> <SNIP>
> *****
> Samba name server ROUTER is now a local master browser for workgroup
> ROUTERSMB on subnet 192.168.5.1
>
> *****
>
>
> This leads me to two questions. If I can browse the share from both of
> these networks, why can't I do so from VPN? And, on a related note, why
> do only these two networks act as a local browser and why doesn't VPN
> (172.16.15.0/24) also do so?
>
I would run tcpdump ... after starting samba server, and would take a look
to elections Master Browser traffic.

Maybe broadcast packets are doing wrong things for you ?

Regards,

From: Jesús M. Navarro on 8 Jun 2010 14:50

---

Hello, Márcio:

On Monday 07 June 2010 19:04:52 Márcio Luciano Donada wrote:
> Em 7/6/2010 13:54, H.S. escreveu:
> > Consider a LAN with a Debian machine as a router. The Debian machine
> > has three interfaces, eth0, eth1 and wlan0. The interface for VPN is
> > tun0. ,----------.
> > ppp0 <------eth1 eth0--192.168.0.0/24--->to LAN switch
> >
> > | wlan0--192.168.5.0/24---> WLAN
> > | tun0--172.16.15.0/24---> VPN
> > |__________|
> >
> > Router, Samba and VPN server machine
> >
> >
> > Now, I have generated the certificates and keys for the VPN server
> > for various client.
>
> Protocol CIFS not roteable. Please read on DNS or wins server (degraded)
> for solution.

But of course CIFS is routable, why it shouldn't?

Maybe you misunderstood it with NetBEUI.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/201006082042.53746.jesus.navarro(a)undominio.net

From: H.S. on 9 Jun 2010 13:00

---

On 07/06/10 06:20 PM, Javier Barroso wrote:
> On Mon, Jun 7, 2010 at 11:53 PM, H.S. <hs.samix(a)gmail.com> wrote:
>
>> needs to be clarified. As I described earlier, I have three separate
>> networks on my LAN:
>> wired network (192.168.0.0/24)
>> wireless network (192.168.5.0/24)
>> VPN (172.16.15.0/24)
>>
> I would run tcpdump ... after starting samba server, and would take a look
> to elections Master Browser traffic.
>
> Maybe broadcast packets are doing wrong things for you ?

Some progress. I can at least browse to the shares (but Gnome's Network
GUI still fails to mount the actual folder). The setting that worked are
the following.
interfaces = 127.0.0.0/8 172.16.15.0/24 eth0 wlan0 tun0
# samba host not visible on VPN client without the following
remote announce = 172.16.21.255

#for security (allow only local, wired lan and VPN clients)
hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24
hosts deny = 0.0.0.0/0


Now I am dealing with the problem of Network GUI failing to mount the
windows share.



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/huogur$j0b$2(a)dough.gmane.org

First  |  Prev  | 
Pages: 1 2 3
Prev: How can I change the order of init scripts?
Next: Help new Debian user