[Samba] Help - Cross-Subnet Browsing with OpenVPN

devel at thom.fr.eu.org devel at thom.fr.eu.org
Mon Jun 2 18:09:38 GMT 2008


I have the same kind of setup (except I'm using Linux 2.6 IPSEC with KAME
tools, and have two different domains, one on each side), and it almost
works. I can join the domain on the other side of the tunnel (I still have
a problem where wbinfo -t says it cannot find the DC) and winbindd can map
remote domain users.

Could you document the errors you get while joining (plus possibly level
2/3 log from smbd/winbind depending on which one raises the error)?

In my setup I added lmhosts files on both sides (not sure if it helps but
at least I could join). Also, I did not include the VPN interfaces (but in
my setup, these are the public network interface due to new IPSEC
implementation). Also, I may be wrong, but I would make FURNSRV the domain
master on its subnet, and add a remote announce on the other subnets.

Hope it helps.

See my post of May 29, 2008 with subject "Trustdom setup and trusted group
management"


François

> My network topology is changing.  One of my network segments that used to be
> hard-wired will now be connecting to the rest of the network through DSL,
> with a layer of OpenVPN on top.  I am having the hardest time getting any
> form of cross-subnet browsing or WINS working.
>
> My PDC is called CORPSRV.  It has the following IPs:
> 192.168.1.1
> <external IP>
> 192.168.100.5 (OpenVPN)
>
> The DMB on the remote subnet is called FURNSRV.  It has the following IPs:
> 192.168.2.1
> 192.168.100.1 (OpenVPN)
>
> Here are the relevant parts of CORPSRV's smb.conf:
> os level = 255
> wins support = yes
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = '192.168.2.1/CORP' '192.168.4.1/CORP'
> remote browse sync = '192.168.2.1'  '192.168.4.1'
> name resolve order = wins bcast host
> interfaces = 127.0.0.1 192.168.1.1 192.168.100.5/255.255.255.0
> bind interfaces only = yes
> hosts allow = 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24 127.0.0.1
>
> Here are the relevant parts of FURNSRV's smb.conf:
> security = domain
> password server = 192.168.1.1
> wins server = 192.168.1.1
> wins support = no
> wins proxy = yes
> name resolve order = wins bcast lmhosts host
> dns proxy = no
> local master = yes
> domain master = no
> preferred master = yes
> os level = 65
> remote browse sync = 192.168.1.1
> interfaces = 127.0.0.1 192.168.2.1 192.168.100.1/255.255.255.0
> bind interfaces only = yes
> hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24
>
> I can ping each server's IP from the other server.  The following nmblookup
> commands both work:
>
> root@corpsrv:/etc/samba# nmblookup -U 192.168.2.1 FURNSRV
> params.c:pm_process() - Processing configuration file "/etc/samba/printers.smb"
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.100.5 bcast=192.168.100.255 nmask=255.255.255.0
> Socket opened.
> querying FURNSRV on 192.168.2.1
> Got a positive name query response from 192.168.2.1 ( 192.168.100.1 192.168.2.1 )
> 192.168.100.1 FURNSRV<00>
> 192.168.2.1 FURNSRV<00>
>
> root@honk:/etc/samba# nmblookup -U 192.168.1.1 corpsrv
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=192.168.2.1 bcast=192.168.2.255 nmask=255.255.255.0
> added interface ip=192.168.100.1 bcast=192.168.100.255 nmask=255.255.255.0
> Socket opened.
> querying corpsrv on 192.168.1.1
> Got a positive name query response from 192.168.1.1 ( 192.168.100.5 192.168.1.1 )
> 192.168.100.5 corpsrv<00>
> 192.168.1.1 corpsrv<00>
>
> I can mount shares on each server from the other, using IP addresses.  But I
> can't make FURNSRV join CORP, and I can't resolve FURNSRV via CORPSRV's WINS
> server.
>
> I know that part of the problem is that OpenVPN uses interfaces that do not
> allow broadcast traffic.  But I thought specifying the WINS server and using
> the 'remote announce' directives would fix that.
>
> I would appreciate any help at all!  Thanks so much,
> Misty


-- 
François Legal
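
The thread turns on three smb.conf settings that interact across the tunnel: `interfaces` with `bind interfaces only`, `hosts allow`, and the peer addresses each server points at. The following is an added example, not part of the original messages or of Samba: it cross-checks the two posted configurations for consistency. The function names are hypothetical, and it assumes conservatively that any non-loopback local address may be used as the source address toward the peer.

```python
import ipaddress
import re

# smb.conf lines as posted in the thread; only the keys the check reads are kept.
CORPSRV = """
remote announce = '192.168.2.1/CORP' '192.168.4.1/CORP'
remote browse sync = '192.168.2.1'  '192.168.4.1'
interfaces = 127.0.0.1 192.168.1.1 192.168.100.5/255.255.255.0
bind interfaces only = yes
hosts allow = 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24 127.0.0.1
"""
FURNSRV = """
password server = 192.168.1.1
wins server = 192.168.1.1
remote browse sync = 192.168.1.1
interfaces = 127.0.0.1 192.168.2.1 192.168.100.1/255.255.255.0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24
"""
PEER_KEYS = ("password server", "wins server", "remote announce", "remote browse sync")
IP_RE = re.compile(r"\d+\.\d+\.\d+\.\d+(?:/[\d.]+)?")  # address with optional mask

def parse(text):
    """Return {parameter: value} for each 'parameter = value' line."""
    pairs = (line.partition("=") for line in text.splitlines() if "=" in line)
    return {key.strip().lower(): value.strip() for key, _, value in pairs}

def addrs(conf, key):
    """IPv4 tokens in one parameter; names such as the /CORP suffix are ignored."""
    return IP_RE.findall(conf.get(key, ""))

def bound_ips(conf):
    """Host addresses listed in 'interfaces'."""
    return {ipaddress.ip_interface(t).ip for t in addrs(conf, "interfaces")}

def check(local, peer):
    """Problems with 'local' reaching 'peer'; an empty list means consistent."""
    problems = []
    targets = {ipaddress.ip_interface(t).ip for k in PEER_KEYS for t in addrs(local, k)}
    if peer.get("bind interfaces only") == "yes" and not targets & bound_ips(peer):
        problems.append("no referenced address is bound by the peer")
    nets = [ipaddress.ip_network(t, strict=False) for t in addrs(peer, "hosts allow")]
    for ip in sorted(bound_ips(local)):
        # Assumption: any non-loopback local address may end up as the source.
        if not ip.is_loopback and not any(ip in n for n in nets):
            problems.append(f"source {ip} not in peer's hosts allow")
    return problems

if __name__ == "__main__":
    print(check(parse(FURNSRV), parse(CORPSRV)), check(parse(CORPSRV), parse(FURNSRV)))
```

Both posted configurations pass this check, so the address lists themselves are consistent; the check does not cover broadcast behaviour or name resolution order.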

