[Samba] Active directory not working across openvpn tunnel
Bill Ries-Knight
steelhoof at gmail.com
Sun Jan 14 08:00:39 GMT 2007
Network is
192.168.1.x office -->"HSP" domain -->small business server and exchange host
Linux server
openvpn tunnel
Linux server
192.168.19.x 192.168.10.x "CRAGMART" domain -->school-->small business server
I had to replace the linux server on the office side.
We now have most services except Active Directory stuff, and can only
see the local domain from either side. Browsing by IP across the
tunnel to the other domain in either direction brings up a logon
request, but the username is not accepted on the other side. The
local domain is expected to provide credentials.
From HSP I try to log on to a CRAGMART workstation with a username
that is valid on both active server domains as an entry on both
servers. I have a return for HSP/username. I cannot authenticate.
In the other direction I will get a logon request from CRAGMART to an
HSP workstation and it will return CRAGMART/username. I cannot
authenticate.
Looking at syslog I get the following:
Jan 13 23:31:51 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:51 router winbindd[21809]: [2007/01/13 23:31:51, 0] libsmb/namequery.c:getlmhostsent(681)
Jan 13 23:31:51 router winbindd[21809]: getlmhostsent: Ill formed hosts line [127.0.0.0]
Jan 13 23:31:53 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:55 router last message repeated 2 times
Jan 13 23:31:56 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191
System specifics.
OFFICE Debian Etch 192.168.1.1 mail:/# smbd -V :: Version 3.0.23d
mail:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost mail
192.168.1.1 ntserver.mail.XXXX..org
XX.XX.21.78 mail.XXXX.org
192.168.1.3 server
192.168.19.3 cserver
192.168.1.1 router.hsp.local router ntserver ntserver.hsp.local mail
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
SCHOOL Fedora Core 4 192.168.19.1 [root at filter ~]# smbd -V :: Version 3.0.14a-2
[root at filter ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 ntserver.cragmart.local localhost.localdomain localhost filter.cragmart.local filter
192.168.1.9 jukebox
--
Bill Ries-Knight
Stockton, CA
Respect the process, Vote.
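Added example, not part of the original post or of Samba: a small Python log triage script for the two symptoms shown above. It parses netfilter REJECT lines to confirm that what is being dropped on eth0 is NetBIOS name-service (UDP 137) and datagram (UDP 138) broadcasts, which a routed OpenVPN tunnel never forwards anyway (so browsing and name resolution across the tunnel need WINS, DNS or lmhosts entries rather than broadcasts), and it extracts the lmhosts line winbindd reports as ill formed and checks an lmhosts file against the IP NAME[#TYPE] format documented in lmhosts(5). The syslog and lmhosts samples are constructed for the example, with documentation-range addresses in place of the poster's XX.XX.21.x ones; the syslog "last message repeated N times" handling assumes the repeat refers to the immediately preceding line.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines modelled on the post (203.0.113.x is a
# documentation range standing in for the redacted XX.XX.21.x addresses).
SAMPLE_SYSLOG = """\
Jan 13 23:31:51 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=203.0.113.78 DST=203.0.113.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:51 router winbindd[21809]: [2007/01/13 23:31:51, 0] libsmb/namequery.c:getlmhostsent(681)
Jan 13 23:31:51 router winbindd[21809]: getlmhostsent: Ill formed hosts line [127.0.0.0]
Jan 13 23:31:53 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=203.0.113.78 DST=203.0.113.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:55 router last message repeated 2 times
Jan 13 23:31:56 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=203.0.113.78 DST=203.0.113.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191
"""

# Constructed lmhosts file (hypothetical, not the poster's): line 2 has an
# address but no NetBIOS name, which is what getlmhostsent complains about.
SAMPLE_LMHOSTS = """\
# lmhosts: IP-address NetBIOS-name[#type]
127.0.0.0
192.168.1.3 SERVER
192.168.19.3 CSERVER#20
"""

NETBIOS_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram", 139: "NetBIOS session"}
KV_RE = re.compile(r"(\w+)=(\S*)")
REPEAT_RE = re.compile(r"last message repeated (\d+) times")
LMHOSTS_ERR_RE = re.compile(r"getlmhostsent: Ill formed hosts line \[(.*?)\]")


def parse_netfilter(line):
    """Return the KEY=VALUE fields of a kernel REJECT/DROP log line, or None.
    The first LEN= (IP total length) is kept; the later UDP LEN= is ignored."""
    if "kernel:" not in line or not ("REJECT" in line or "DROP" in line):
        return None
    fields = {}
    for key, value in KV_RE.findall(line):
        fields.setdefault(key, value)
    return fields


def is_broadcast(dst):
    """True for a /24 directed broadcast or the limited broadcast address."""
    return dst.endswith(".255") or dst == "255.255.255.255"


def summarize_rejects(syslog_text):
    """Count rejected NetBIOS broadcasts per (interface, destination port).
    Broadcasts are link-local: they are expected on eth0 and cannot cross a
    routed tunnel, so these counts point at name resolution, not at the VPN."""
    counts = Counter()
    last_key = None
    for line in syslog_text.splitlines():
        repeat = REPEAT_RE.search(line)
        if repeat:
            # syslog collapsed duplicates of the preceding line; add them back
            if last_key is not None:
                counts[last_key] += int(repeat.group(1))
            continue
        key = None
        fields = parse_netfilter(line)
        if fields and fields.get("PROTO") == "UDP":
            dport = int(fields.get("DPT", 0))
            if dport in NETBIOS_PORTS and is_broadcast(fields.get("DST", "")):
                key = (fields.get("IN"), dport)
                counts[key] += 1
        last_key = key
    return dict(counts)


def lmhosts_errors(syslog_text):
    """Extract the lmhosts lines winbindd reported as ill formed."""
    return [m.group(1) for m in LMHOSTS_ERR_RE.finditer(syslog_text)]


def check_lmhosts(text):
    """Return (line number, reason) for entries that do not match
    'IP-address NetBIOS-name[#type]'; '#' at line start is a comment."""
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            problems.append((lineno, f"not an IP address: {parts[0]}"))
            continue
        if len(parts) < 2:
            problems.append((lineno, f"missing NetBIOS name after {parts[0]}"))
    return problems


if __name__ == "__main__":
    for (iface, port), n in sorted(summarize_rejects(SAMPLE_SYSLOG).items()):
        print(f"{iface}: {n} rejected {NETBIOS_PORTS[port]} broadcasts (UDP {port})")
    print("lmhosts lines rejected by winbindd:", lmhosts_errors(SAMPLE_SYSLOG))
    print("lmhosts problems:", check_lmhosts(SAMPLE_LMHOSTS))
```

Run against the real syslog and lmhosts instead of the embedded samples to get the actual counts; the point of separating the two checks is that the firewall rejects and the lmhosts error are independent problems, and neither of them is caused by the tunnel itself.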