[Samba] Samba over VPN
Mike A. Leonetti
mleonetti at evolutionce.com
Mon Apr 26 12:21:47 MDT 2010
The VPN is a site-to-site VPN. It's a Linux<->Sonicwall VPN. Other
users can join other Windows domains no problem. I created an lmhosts
file on the Windows 2003 server with this:
10.1.1.1 fortissimo #PRE #DOM:crcomputer
10.1.1.1 "CRCOMPUTER \0x1b"
10.1.1.1 "CRCOMPUTER \0x1c"
However, when I go to create a share and assign domain users to it, it
cannot find the domain.
Mike A. Leonetti
As warm as green tea
Evolution CE
3468C Lawson Boulevard
Oceanside, NY 11572
www.evolutionce.com
516-536-5006 ext 105
516-208-4679 (Direct)
Gaiseric Vandal wrote:
> I had misread- I thought the DC was the one "remote." I think
> -but am not sure- that WINS should have handled any "netbios" stuff
> including locating the DC. I could be wrong tho. Can you try editing
> the lmhosts file on the Win 2003 machine to provide the DC info?
>
> Is the sonicwall configured for a site-to-site VPN (i.e. the IP
> addresses at both ends are explicitly configured) or is the Win 2003
> machine configured as a regular single user remote PC (what sonicwall
> calls a GroupVPN account.)
>
>
> Sonicwall may have some options to redirect netbios but I am pretty
> sure you should not need this.
>
>
> On 04/22/2010 04:26 PM, Mike A. Leonetti wrote:
>> The W2K3 server is not the VPN client, the VPN client is a Sonicwall
>> device. However, the side that has the DC (samba), the DC server also
>> initiates the VPN (openswan). IPSec starts before samba.
>>
>>
>> Leonardo Carneiro - Veltrac wrote:
>>
>>> Is the W2K3 server the VPN client, or is it a host behind a VPN
>>> client that has a route to the remote network? If the server IS the
>>> VPN client, is the connection being made by a service (prior to the
>>> user login), or do you just connect to the VPN after login?
>>>
>>>
>>> Gaiseric Vandal wrote:
>>>
>>>> How do the clients get IP addresses? You could try adding the WINS
>>>> server value to the client ip address (either statically or via
>>>> DHCP.) Then they should be able to get the necessary netbios name
>>>> info even tho they are on a separate subnet.
>>>>
>>>> Why do you have the DC "distant" from the clients that it supports?
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 04/22/2010 09:41 AM, Mike A. Leonetti wrote:
>>>>
>>>>> Yeah. I don't think it's the VPN blocking traffic. I think my WINS
>>>>> server is not functioning properly. I'll keep working at it.
>>>>>
>>>>> Daniel Müller wrote:
>>>>>
>>>>>
>>>>>> Are you sure?
>>>>>>
>>>>>> I thought with ipsec there could be netbios bypassing the tunnel.
>>>>>> Shares and dns are always working.
>>>>>>
>>>>>>
>>>>>>
>>>>>> -----------------------------------------------
>>>>>> EDV Daniel Müller
>>>>>>
>>>>>> Head of IT
>>>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>>>> Paul-Lechler-Str. 24
>>>>>> 72076 Tübingen
>>>>>>
>>>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>>> eMail: mueller at tropenklinik.de
>>>>>> Internet: www.tropenklinik.de
>>>>>> -----------------------------------------------
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Mike A. Leonetti [mailto:mleonetti at evolutionce.com]
>>>>>> Sent: Wednesday, 14 April 2010 16:47
>>>>>> To: mueller at tropenklinik.de
>>>>>> Cc: samba Mailing
>>>>>> Subject: Re: AW: [Samba] Samba over VPN
>>>>>>
>>>>>> Daniel,
>>>>>>
>>>>>> I'm using ipsec for a VPN. Since all shares are working and name
>>>>>> resolution all netbios packets seem to be traversing the VPN no
>>>>>> problem.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> Daniel Müller wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> As far as I know, you need a VPN with NetBIOS enabled. This can
>>>>>>> be done with OpenVPN in bridging mode. Or with a router having
>>>>>>> this option.
>>>>>>>
>>>>>>> Greetings
>>>>>>> Daniel
>>>>>>>
>>>>>>> -----------------------------------------------
>>>>>>> EDV Daniel Müller
>>>>>>>
>>>>>>> Head of IT
>>>>>>> Tropenklinik Paul-Lechler-Krankenhaus
>>>>>>> Paul-Lechler-Str. 24
>>>>>>> 72076 Tübingen
>>>>>>>
>>>>>>> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>>>> eMail: mueller at tropenklinik.de
>>>>>>> Internet: www.tropenklinik.de
>>>>>>> -----------------------------------------------
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: samba-bounces at lists.samba.org
>>>>>>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Mike A. Leonetti
>>>>>>> Sent: Tuesday, 13 April 2010 22:27
>>>>>>> To: Samba Mailing
>>>>>>> Subject: [Samba] Samba over VPN
>>>>>>>
>>>>>>> Have a 2003 server located outside of the Domain network over a VPN.
>>>>>>> The server originally existed inside the network (10.1.1.0/24) but now
>>>>>>> exists on 10.10.12.0/24. I can access shares over the VPN to the domain
>>>>>>> controller, but when I try to log in as a domain user it says the domain
>>>>>>> is unavailable.
>>>>>>>
>>>>>>> I added the domain controller as a WINS server on the 2003 server.
>>>>>>> nbtstat -c on the 2003 does list the domain controller and the domain.
>>>>>>>
>>>>>>> Microsoft Windows [Version 5.2.3790]
>>>>>>> (C) Copyright 1985-2003 Microsoft Corp.
>>>>>>>
>>>>>>> C:\Documents and Settings\Administrator>nbtstat -c
>>>>>>>
>>>>>>> Local Area Connection 2:
>>>>>>> Node IpAddress: [10.10.12.244] Scope Id: []
>>>>>>>
>>>>>>> NetBIOS Remote Cache Name Table
>>>>>>>
>>>>>>>     Name               Type       Host Address    Life [sec]
>>>>>>>     ------------------------------------------------------------
>>>>>>>     CRCOMPUTER<1C>     GROUP      10.1.1.1        390
>>>>>>>     CRCOMPUTER<1B>     UNIQUE     10.1.1.1        387
>>>>>>>     FORTISSIMO<20>     UNIQUE     10.1.1.1        430
>>>>>>>
>>>>>>> C:\Documents and Settings\Administrator>
>>>>>>>
>>>>>>> Is there a way I can test the WINS server to definitely make sure it's
>>>>>>> working? Is it that SAMBA isn't broadcasting itself over the 10.10.12.0
>>>>>>> (VPN) network?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>
>
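
An added example, not part of the original thread or written by any poster: a small check for the quoted `\0xNN` LMHOSTS entries in the message above. It assumes the LMHOSTS convention that the quoted name is space-padded to 15 characters so that the `\0xNN` type byte is the 16th; the function names are hypothetical and the sample lines are constructed from the names and address in the post.

```python
import re

# An LMHOSTS line with a quoted name: IP address, then "NAME<spaces>\0xNN".
_QUOTED = re.compile(r'^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"([^"]*)"')
_SUFFIX = re.compile(r'\\0x([0-9A-Fa-f]{2})$')
NAME_FIELD = 15  # assumed rule: name padded to 15 chars, type byte is the 16th


def _split(line):
    """Return (match, name_field, suffix_match) for a quoted entry, else None."""
    m = _QUOTED.match(line)
    s = _SUFFIX.search(m.group(2)) if m else None
    if not s:
        return None
    return m, m.group(2)[:s.start()], s


def check_entry(line):
    """Return (ok, detail) for one LMHOSTS line (hypothetical helper)."""
    if '"' not in line:
        return True, "plain entry"
    parts = _split(line)
    if parts is None:
        return False, "quoted name without a trailing \\0xNN type byte"
    _, field, s = parts
    if len(field.rstrip(" ")) > NAME_FIELD:
        return False, "name longer than 15 characters"
    if len(field) != NAME_FIELD:
        return False, "name field is %d characters, expected 15" % len(field)
    return True, "%s<%s>" % (field.rstrip(" "), s.group(1).upper())


def fix_entry(line):
    """Re-pad the quoted name to 15 characters; other lines pass through."""
    parts = _split(line)
    if parts is None or len(parts[1].rstrip(" ")) > NAME_FIELD:
        return line
    m, field, s = parts
    padded = field.rstrip(" ").ljust(NAME_FIELD) + s.group(0)
    return line[:m.start(2)] + padded + line[m.end(2):]


# Constructed sample, using the names and address from the post above.
SAMPLE = [
    '10.1.1.1 fortissimo #PRE #DOM:crcomputer',
    '10.1.1.1 "CRCOMPUTER \\0x1b"',
    '10.1.1.1 "CRCOMPUTER     \\0x1c"',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(check_entry(entry), repr(fix_entry(entry)))
```

Mail archives often collapse runs of spaces, so the single space shown in the post may not reflect the file on disk; run the check against the actual LMHOSTS file.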