[Samba] Samba over VPN

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu Apr 22 15:44:15 MDT 2010


I had misread-  I thought the DC was the one "remote."        I think 
-but am not sure- that WINS should have handled any "netbios" stuff 
including locating the DC.  I could be wrong tho.  Can you try editing 
the lmhosts file on the Win 2003  machine to provide the DC info?

Is the sonicwall configured for a site-to-site VPN  (i.e. the IP 
addresses at both ends are explicitly configured) or is the Win 2003 
machine configured as a regular single user remote PC (what sonicwall 
calls a GroupVPN account.)


Sonicwall may have some options to redirect netbios but I am pretty sure 
you should not need this.


On 04/22/2010 04:26 PM, Mike A. Leonetti wrote:
> The W2K3 server is not the VPN client, the VPN client is a Sonicwall
> device.  However, the side that has the DC (samba), the DC server also
> initiates the VPN (openswan).  IPSec starts before samba.
>
>
> Leonardo Carneiro - Veltrac wrote:
>    
>> The W2K3 server is the VPN client or is a host behind a vpn client
>> that have a route to the remote network? Is the server IS the vpn
>> client, does the connection is being made by a service (prior to the
>> user login) or you just connect to the VPN after login?
>>
>>
>> Gaiseric Vandal wrote:
>>      
>>> How do the clients get IP addresses?   You could try adding the WINS
>>> server value to the client ip address (either statically or via
>>> DHCP.)  Then they should be able to get the necessary netbios name
>>> info even tho they are on a separate subnet.
>>>
>>> Why do you have the DC "distant"  from the clients that it supports?
>>>
>>>
>>>
>>>
>>>
>>> On 04/22/2010 09:41 AM, Mike A. Leonetti wrote:
>>>        
>>>> Yeah.  I don't think it's the VPN blocking traffic.  I think my WINS
>>>> server is not functioning properly.  I'll keep working at it.
>>>>
>>>> Daniel Müller wrote:
>>>>
>>>>          
>>>>> Are you sure,
>>>>>
>>>>> I thought with ipsec there could be netbios bypassing the tunnel.
>>>>> Shares and dns are always working.
>>>>>
>>>>>
>>>>>
>>>>> -----------------------------------------------
>>>>> EDV Daniel Müller
>>>>>
>>>>> Leitung EDV
>>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>>> Paul-Lechler-Str. 24
>>>>> 72076 Tübingen
>>>>>
>>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>> eMail: mueller at tropenklinik.de
>>>>> Internet: www.tropenklinik.de
>>>>> -----------------------------------------------
>>>>>
>>>>> -----Ursprüngliche Nachricht-----
>>>>> Von: Mike A. Leonetti [mailto:mleonetti at evolutionce.com]
>>>>> Gesendet: Mittwoch, 14. April 2010 16:47
>>>>> An: mueller at tropenklinik.de
>>>>> Cc: samba Mailing
>>>>> Betreff: Re: AW: [Samba] Samba over VPN
>>>>>
>>>>> Daniel,
>>>>>
>>>>> I'm using ipsec for a VPN.  Since all shares are working and name
>>>>> resolution all netbios packets seem to be traversing the VPN no
>>>>> problem.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> Daniel Müller wrote:
>>>>>
>>>>>
>>>>>            
>>>>>> Hello,
>>>>>>
>>>>>> as far I know you need a vpn with netbios  enabled. This can be
>>>>>> done witch
>>>>>> openvpn in briding mode. Or with a router having this option.
>>>>>>
>>>>>> Greetings
>>>>>> Daniel
>>>>>>
>>>>>> -----------------------------------------------
>>>>>> EDV Daniel Müller
>>>>>>
>>>>>> Leitung EDV
>>>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>>>> Paul-Lechler-Str. 24
>>>>>> 72076 Tübingen
>>>>>>
>>>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>>> eMail: mueller at tropenklinik.de
>>>>>> Internet: www.tropenklinik.de
>>>>>> -----------------------------------------------
>>>>>>
>>>>>> -----Ursprüngliche Nachricht-----
>>>>>> Von: samba-bounces at lists.samba.org
>>>>>> [mailto:samba-bounces at lists.samba.org]
>>>>>>
>>>>>>
>>>>>>              
>>>>> Im
>>>>>
>>>>>
>>>>>            
>>>>>> Auftrag von Mike A. Leonetti
>>>>>> Gesendet: Dienstag, 13. April 2010 22:27
>>>>>> An: Samba Mailing
>>>>>> Betreff: [Samba] Samba over VPN
>>>>>>
>>>>>> Have a 2003 server located outside of the Domain network over a VPN.
>>>>>> The server originally existed inside the network (10.1.1.0/24) but
>>>>>> now
>>>>>> exists on 10.10.12.0/24.  I can access shares over the VPN to the
>>>>>> domain
>>>>>> controller, but when I try to log in as a domain user it says the
>>>>>> domain
>>>>>> is unavailable.
>>>>>>
>>>>>> I added the domain controller as a WINS server on the 2003 server.
>>>>>> nbtstat -c on the 2003 does list the domain controller and the
>>>>>> domain.
>>>>>>
>>>>>> Microsoft Windows [Version 5.2.3790]
>>>>>> (C) Copyright 1985-2003 Microsoft Corp.
>>>>>>
>>>>>> C:\Documents and Settings\Administrator>nbtstat -c
>>>>>>
>>>>>> Local Area Connection 2:
>>>>>> Node IpAddress: [10.10.12.244] Scope Id: []
>>>>>>
>>>>>>                     NetBIOS Remote Cache Name Table
>>>>>>
>>>>>>           Name              Type       Host Address    Life [sec]
>>>>>>       ------------------------------------------------------------
>>>>>>       CRCOMPUTER<1C>    GROUP           10.1.1.1            390
>>>>>>       CRCOMPUTER<1B>    UNIQUE          10.1.1.1            387
>>>>>>       FORTISSIMO<20>    UNIQUE          10.1.1.1            430
>>>>>>
>>>>>> C:\Documents and Settings\Administrator>
>>>>>>
>>>>>> Is there a way I can test the WINS server to definitely make sure
>>>>>> it's
>>>>>> working?  Is it that SAMBA isn't broadcasting itself over the
>>>>>> 10.10.12.0
>>>>>> (VPN) network?
>>>>>>
>>>>>>
>>>>>>
>>>>>>              
>>>>>
>>>>>            
>>>        



More information about the samba mailing list