[Samba] Access to Samba server across subnets

Ken Innes kinnes at ekos.com
Tue Feb 18 15:01:09 GMT 2003


Hello all,

I'm using samba 2.2.7a with winbind on a RedHat 7.3 (pre-installed by Dell) server,
with an NT PDC/BDC, with the NT PDC acting as the WINS server.

Everything works fine on the local subnet 192.168.0.xxx, but we
also have an IPSec VPN set up with our western call centre,
and users on the western office subnet 192.168.10.xxx can't login to the
samba shares.

They can login to the NT shares fine, and the login script on our
local (192.168.0.) subnet PDC runs fine when users login over the VPN;
they can ping the samba server;
but when they try to connect to the UNC address \\samba_server\sharename
they are asked for a username/password and can't get past that.

The remote workstns are Win98.

No errors are reported by testparm.

Here are the relevant bits of smb.conf:

_________________________________

   hosts allow = 192.168.0. 192.168.10. localhost

   security = server

   # Use password server option only with security = server
   # NT PDC and BDC:
      password server = EKOSSRV2 EKOSSRV1

   encrypt passwords = yes
   update encrypted = yes

   unix password sync = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*


    pam password change = yes


  obey pam restrictions = yes

  # Cause this host to announce itself to local subnets here
     remote announce = 192.168.0. 192.168.10.

   local master = no
   domain master = no
   wins server = 192.168.0.2
   dns proxy = no
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind enum users = yes
   winbind enum groups = yes

#============================ Share Definitions ==============================

# this is the share for the edmonton call centre.
[edmonto$]
   path = /files/edmonton
   public = yes
   only guest = no
   create mode = 0660
   directory mode = 0770
   writable = yes
   printable = no

# this is the share for the Readonly drive share.
[readonly]
   path = /files/readonly
   public = yes
   only guest = no
   create mode = 0664
   directory mode = 0775
   writable = yes
   printable = no


__________________________



A previous poster (see below) has an almost identical problem
(he is using security = domain, I am using security = server)
but I can find no responses to his post.

I've also seen some other posts indicating problems with jumping
subnets, without posted solutions . . . .

As this seems not to be an entirely unique problem, I'll be sure
to document and post any solutions/results back to the list.

Thank you,
-Ken


_________________________________________

Ken Innes
Chief Information Officer
EKOS Research Associates Inc.
99 Metcalfe St., Suite 1100
Ottawa, Ontario
K1P 6L7

www.ekos.com


_______________________________________________________________
Previous similar post:

>From mrautia6 at welho.com  Sat Jan 11 00:49:20 2003
From: Mikko Rautiainen <mrautia6 at welho.com>
Return-Path: <mrautia6 at welho.com>
Delivered-To: samba at lists.samba.org
Subject: [Samba] Problem to access sambaserver from another subnet.


Date: Sat Jan 11 00:50:01 2003

Hi,

I have a network that has an NT4 PDC and 2 NT4 BDC plus one linux samba
server.
Then there is a "VPN" subnet routed over ADSL to the main network.

The problem is that I can't connect to the samba server from the VPN with
either W98 or W2k

I can log on to the domain, can ping the servers, can
see the server in the network neighbourhood.
But I can't login, it says that wrong password or
user name. The samba server is in security = domain mode
and uses winbind to authenticate from the NT4 PDC. And it
works fine in the local network.

The network doesn't have a WINS server set up, can that be the problem?
Can it be some kind of NT4 permission screwup?

Thanks
Mikko


