[Samba] Windows XP client over IPSEC VPN -- No browsing, limited file access.

vectro at vectro.org vectro at vectro.org
Sun Mar 12 02:35:58 GMT 2006 

Hello all,

I have a problem with browsing and share access over an IPSEC VPN. Details 
follow.

The network has the following configuration: There are two local networks, 
172.16.57.0/24 and 172.16.59.0/24. The networks are connected over the 
internet by Cisco routers providing an IPSEC VPN. The VPNs are configured to 
route all traffic (all IP types, all ports, except broadcast and ICMP 
redirects) destined for the other network over the VPN. IP connectivity seems 
great.

There is a samba server (CAESAR) located on the 57.0 subnet. It is configured 
with the following relevant directives:
wins server = yes
dns proxy = no
name resolve order = wins lmhosts bcast host
domain master = yes
local master = yes
preferred master = yes
os level = 70
workgroup = WORKGROUP
It runs Linux 2.6.8 and Samba 3.0.14a-3sarge, from Debian Sarge.

There are some other Windows machines of various vintages also located on the 
57.0 subnet. They can browse to and access shares on CAESAR with no problem.

There is a Windows XP machine (LAPTOP) located on the 58.0 subnet. At this 
time, it is the only SMB client on that subnet. That machine is configured 
with CAESAR as a WINS server. I have two distinct problems with LAPTOP:
1) Network browsing doesn't work. Navigating to "Entire Network" / "Microsoft 
Windows Network" / "WORKGROUP", I see only HP. No error, but no other hosts 
either.
2) Accessing file shares on CAESAR (by typing "\\CAESAR" in the location bar) 
only works with very small directories and files. A folder with only a few 
files in it, or a file of only a few bytes, works fine. Browsing to large 
folders (which can actually mean as few as 30 files), Windows Explorer 
pauses, with an hourglass or flashlight, and eventually presents the message 
(for the share "extra"):
"\\caesar\extra is not accessible. You might not have permission to use this 
network resource. Contact the administrator of this server to find out if you 
have access permissions.

The specified network name is no longer available."

I have disabled the XP Webclient and the Task Scheduler, to no effect. I'm at 
a loss for what else to try, however.

CAESAR's full config file is available upon request.

Cheers,

--Ian

More information about the samba mailing list