[Samba] Active directory not working across openvpn tunnel

Bill Ries-Knight steelhoof at gmail.com
Sun Jan 14 08:00:39 GMT 2007


Network is:

192.168.1.x office --> "HSP" domain --> small business server and exchange host
  Linux server
   openvpn tunnel
  Linux server
192.168.19.x / 192.168.10.x "CRAGMART" domain --> school --> small business server

I had to replace the Linux server on the office side.
We now have most services except Active Directory stuff, and can only
see the local domain from either side.  Browsing by IP across the
tunnel to the other domain in either direction brings up a logon
request, but the username is not accepted on the other side; the
local domain is expected to provide credentials.

From HSP I try to log on to a CRAGMART workstation with a username
that is valid on both Active Directory domains as an entry on both
servers.  I get a return for HSP/username.  I cannot authenticate.

In the other direction I get a logon request from CRAGMART to an
HSP workstation and it returns CRAGMART/username.  I cannot
authenticate.

Looking at syslog I get the following:

Jan 13 23:31:51 router kernel: REJECT INPUT IN=eth0 OUT= MAC=
SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:51 router winbindd[21809]: [2007/01/13 23:31:51, 0]
libsmb/namequery.c:getlmhostsent(681)
Jan 13 23:31:51 router winbindd[21809]:   getlmhostsent: Ill formed
hosts line [127.0.0.0]
Jan 13 23:31:53 router kernel: REJECT INPUT IN=eth0 OUT= MAC=
SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0
DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:55 router last message repeated 2 times
Jan 13 23:31:56 router kernel: REJECT INPUT IN=eth0 OUT= MAC=
SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64
ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191



System specifics.

OFFICE  Debian Etch  192.168.1.1  mail:/# smbd -V  :: Version 3.0.23d

mail:~# cat /etc/hosts
127.0.0.1     localhost.localdomain    localhost    mail
192.168.1.1   ntserver.mail.XXXX..org
XX.XX.21.78   mail.XXXX.org
192.168.1.3 server
192.168.19.3 cserver
192.168.1.1 router.hsp.local router ntserver ntserver.hsp.local mail



# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


SCHOOL  Fedora Core 4  192.168.19.1  [root at filter ~]# smbd -V  :: Version 3.0.14a-2


[root at filter ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       ntserver.cragmart.local localhost.localdomain
localhost      filter.cragmart.local    filter
192.168.1.9 jukebox



-- 
Bill Ries-Knight
Stockton, CA

Respect the process, Vote.
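The two symptoms in the quoted syslog are worth separating mechanically: the kernel REJECT lines are NetBIOS name-service (UDP 137) and datagram (UDP 138) traffic aimed at a directed broadcast address and dropped in the router's INPUT chain, which is the kind of traffic that never crosses a routed OpenVPN tunnel anyway; the winbindd line is Samba's lmhosts parser (getlmhostsent) rejecting a line that carries an IP address but no NetBIOS name. The script below is an added example, not code from the poster or from the Samba project. It parses iptables-style log lines, keeps only the rejects aimed at SMB/NetBIOS ports, tags each as broadcast or unicast, and validates an lmhosts file against the "<IP> <NetBIOS name>[#type]" format Samba expects. The sample syslog and lmhosts text are constructed to mirror the post (addresses use the RFC 5737 documentation range instead of the masked XX.XX.21.x), the "/24 broadcast = last octet 255" heuristic is an assumption that matches the subnets shown, and the 445/tun0 line is added to show the unicast case.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample input modelled on the kernel REJECT / winbindd lines in the post.
# 192.0.2.x is the RFC 5737 documentation range standing in for the poster's XX.XX.21.x.
SAMPLE_SYSLOG = """\
Jan 13 23:31:51 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=192.0.2.78 DST=192.0.2.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:51 router winbindd[21809]: [2007/01/13 23:31:51, 0] libsmb/namequery.c:getlmhostsent(681)
Jan 13 23:31:51 router winbindd[21809]:   getlmhostsent: Ill formed hosts line [127.0.0.0]
Jan 13 23:31:56 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=192.0.2.78 DST=192.0.2.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191
Jan 13 23:32:02 router kernel: REJECT INPUT IN=tun0 OUT= MAC= SRC=192.168.19.3 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=31337 DF PROTO=TCP SPT=49152 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Constructed lmhosts file reproducing the malformed "127.0.0.0" line winbindd complained about.
SAMPLE_LMHOSTS = """\
# lmhosts: IP address, whitespace, NetBIOS name, optional #<hex type> suffix
127.0.0.1 localhost
127.0.0.0
192.168.19.3 CSERVER
192.168.1.3 SERVER
"""

# Ports that matter for SMB / NetBIOS / AD file and browse traffic.
SMB_PORTS = {
    137: "NetBIOS-NS (name queries; broadcast on a LAN)",
    138: "NetBIOS-DGM (browser/datagram service)",
    139: "NetBIOS-SSN (SMB over NetBIOS session)",
    445: "SMB direct (Microsoft-DS)",
}

KERNEL_RE = re.compile(r"kernel: (?P<action>[A-Z_]+) (?P<chain>[A-Z]+) (?P<fields>.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value pairs of the netfilter log format


class Rejected(NamedTuple):
    action: str
    chain: str
    iface: str
    src: str
    dst: str
    proto: str
    dpt: int
    service: str
    broadcast: bool


def is_ipv4_broadcast(addr: str) -> bool:
    """Assumption: /24 subnets as in the post, so a directed broadcast ends in .255."""
    return addr.endswith(".255")


def parse_kernel_line(line: str) -> Optional[Rejected]:
    """Parse one netfilter LOG-style kernel line; return None for anything else."""
    m = KERNEL_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))   # later LEN= (L4) overrides IP LEN=
    if fields.get("PROTO") not in ("UDP", "TCP") or "DPT" not in fields:
        return None
    dpt = int(fields["DPT"])
    return Rejected(m.group("action"), m.group("chain"), fields.get("IN", ""),
                    fields["SRC"], fields["DST"], fields["PROTO"], dpt,
                    SMB_PORTS.get(dpt, "other"), is_ipv4_broadcast(fields["DST"]))


def smb_rejects(syslog_text: str) -> List[Rejected]:
    """Only the rejected packets aimed at SMB/NetBIOS ports."""
    hits = []
    for line in syslog_text.splitlines():
        rec = parse_kernel_line(line)
        if rec is not None and rec.dpt in SMB_PORTS:
            hits.append(rec)
    return hits


def summarize(syslog_text: str) -> Dict[str, int]:
    """Count SMB/NetBIOS rejects by interface, protocol/port and broadcast vs unicast.
    Broadcast 137/138 on the LAN interface is expected noise; unicast rejects on the
    tunnel interface are the ones that actually break cross-domain logons."""
    counts: Dict[str, int] = {}
    for rec in smb_rejects(syslog_text):
        key = f"{rec.iface}:{rec.proto}/{rec.dpt}:{'broadcast' if rec.broadcast else 'unicast'}"
        counts[key] = counts.get(key, 0) + 1
    return counts


# "<IPv4> <NetBIOS name>[#<two hex digits>]" with optional trailing whitespace.
LMHOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+([^\s#]+)(?:#([0-9A-Fa-f]{2}))?\s*$")


def check_lmhosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, line, problem) for each lmhosts line Samba's
    getlmhostsent would reject as ill formed. Blank lines and # comments are skipped."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not LMHOSTS_RE.match(line):
            problems.append((n, line, "ill formed: expected '<IP> <NetBIOS name>[#type]'"))
    return problems


if __name__ == "__main__":
    for key, count in sorted(summarize(SAMPLE_SYSLOG).items()):
        print(f"{count:3d}  {key}")
    for n, line, why in check_lmhosts(SAMPLE_LMHOSTS):
        print(f"lmhosts line {n}: [{line}] {why}")
```

Run it against the real files with `summarize(open("/var/log/syslog").read())` and `check_lmhosts(open("/etc/samba/lmhosts").read())`; the sorted summary makes it obvious whether the drops are only LAN broadcasts on eth0 (harmless, and not how names cross a tunnel) or also unicast SMB on the tunnel interface, which would need a firewall rule rather than a name-resolution fix.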

