IPSEC tunneling

[David Fields]

We had a similar issue with using Checkpoint's Securemote as our VPN
solution and accessing Samba shares from Unix boxes inside our
firewall.  Our samba setup was to use NT domain authentication, with
an NT server as the Wins machine.  So far, I've got it to work on the
Unix/Samba server that I'm responsible for.  The setup on the windows
machine needs to be the following so you can browse:

Need to tell the Client for Microsoft Networks that you're in a NT
domain.
Need to put your internal WINS address in there
Make sure your machine is in the same workgroup
(and it might help if you also put in an internal DNS server if you're
not advertising all of your internal names on your external network)

The one thing on the Samba config that kept us from working was we
were too paranoid on our server.  With our setup, I've had to change
the "host allow" line in my smb.conf file to the following:  hosts
allow = ANY,localhost.  We originally had it set up to only allow
connections from our internal networks.  After I made that change, I
was able to browse to the internal samba server, access
shares/printers  (after authenticating with securemote first and
setting up the VPN).  We haven't tried this on the other machines, but
we suspect it will solve our problems there also.

Hope this helps.

--
David Fields
SCT, http://www.sctcorp.com
IT for Global Government Solutions
Phone: 859-277-8800, x231
E-Mail:  dfields at sctcorp.com