[Samba] Cross subnet browsing + OpenVPN

tms3 at tms3.com tms3 at tms3.com
Tue Jul 6 06:50:29 MDT 2010



SNIP
>
>
> Hi All,
>
> I'm having a problem with cross subnet browsing and name resolution 
> across
> an openvpn tunnel. i've found quite a few people who've had the same 
> on
> mail lists but none of their fixes have worked. The spec of the setups 
> at
> both ends of the tunnel are as follows:

                 "remote announce = 192.168.2.255/NEWDOM 
192.168.1.255/NEWDOM
                  remote browse sync = 192.168.1.255 192.168.2.255"

This looks odd to me.

remote announce = <wins server ip>/<DOMNAME>
remote browse sync = <wins server ip>

NEEDED in both smb.conf files:

wins server = <wins server ip>

I can't remember the default for this setting, so set it explicitly:

enhanced browsing = Yes

in both smb.conf files.


DHCP should point the clients at HEADOFFICE for WINS.  A WINS proxy is not 
useful here.
>
>
>
> OS - CentOS 5.5
> Samba Version 3.5.4
> OpenVPN Version 2.0.9-1
>
> Each server is configured in gateway mode with two NICS, one to the 
> lan
> and the other to a modem/router.  The first machine, HEADOFFICE, has 
> an
> internal IP address of
> 192.168.0.1 and an external of 192.168.10.4.  The second machine, 
> REMOTE1,
> has an internal address of 192.168.1.254 and an external of 
> 192.168.20.4.
>
> On openVPN, I have configured client to client and routes and iroutes 
> to
> allow machines on each network to ping machines at the other end as 
> well
> as the server IP's.
> So far so good and I can ping any machine on either subnet from 
> anywhere
> and get a reply.  The servers are configured as Samba servers with the
> HEADOFFICE machine working as a PDC, DMC and WINS server and the 
> REMOTE1
>    machine configured as a BDC and WINS proxy.  In order to maintain 
> logon
> facilities in the event of broadband failure,
> I have replicated the LDAP server from HEADOFFICE to REMOTE1 and 
> updates
> and password changes propagate successfully from one site to the 
> other.
>
> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it 
> works
> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
> fails on name resolution while
> entering \\192.168.1.254\  brings up Windows Explorer and a list of 
> shares.
>
> I've included the remote browse entries in smb.conf on the PDC and 
> have
> WINS Proxying set up on the BDC but I can't get it to push REMOTE1's 
> IP
> back to the WINS server.
> Port scanning the internal IP of each machine from the other end of the
> tunnel returns a full set of open ports for the services I'm using but 
> no
> IP.
>
> If anyone can spot what I'm doing wrong I'd be grateful.
>
> Thanks.
>
> ################     smb.conf - HEADOFFICE    ################
> ###  Included 2nd subnet for second remote site in browse sync
>
> [ global]
> # NOTE(review): the header has a stray space before "global"; confirm with
> # testparm that it is still read as [global].
>                  workgroup = NEWDOM
>                  netbios name = HEADOFFICE
> # Every client must authenticate as a known account; no guest mapping is
> # configured anywhere in this file.
>                  security = user
>                  enable privileges = yes
>                  interfaces = 192.168.0.1 127.0.0.1
> # With "hosts allow" disabled there is no host-based access check.
> # "interfaces" by itself does not restrict which addresses smbd/nmbd
> # accept connections on unless "bind interfaces only = yes" is also set.
> # The 194.168.2.0 network in the disabled line looks like a typo for
> # 192.168.2.0 (the remote-site subnet used elsewhere) - check it before
> # re-enabling the line.
> #       hosts allow = 192.168.0.0/255.255.255.0 
> 192.168.1.0/255.255.255.0
> 194.168.2.0/255.255.255.0 127.0.0.1
> # Cross-subnet browsing: the remote subnets' broadcast addresses. The
> # first list appears to have been split by mail wrapping; it is one
> # line in the real file.
>                  remote announce = 192.168.2.255/NEWDOM 
> 192.168.1.255/NEWDOM
>                  remote browse sync = 192.168.1.255 192.168.2.255
> # This host is the WINS server for the domain (REMOTE1 points at
> # 192.168.0.1); the key is repeated further down.
>                  wins support = yes
>                  name resolve order = wins hosts bcast
>                  username map = /etc/samba/smbusers
>                  server string = Samba Server %v
>                  encrypt passwords = Yes
> # LDAP traffic is sent in clear. Acceptable only because the passdb
> # backend below is on 127.0.0.1; enable TLS before pointing it at a
> # remote directory server.
>                  ldap ssl = no
>                  unix password sync = yes
>                  ldap passwd sync = no
> # Run as root by smbd with the user name substituted for %u; the quotes
> # keep the name a single argument.
>                  passwd program = /usr/sbin/smbldap-passwd -u "%u"
> # NOTE(review): the chat string seems to end with an unbalanced quote
> # (possibly a mail-wrapping artefact) - verify with testparm.
>                  passwd chat = "Changing *\nNew password*" %n\n 
> "*Retype new
> password*" %n\n"
>
> #        public = yes
> #        browseable = yes
> #        lm announce = yes
> #        browse list = yes
> #        auto services = yes
>
> # Level 3 is noisy for routine operation; one log file per user (%U).
>                  log level = 3
>                  syslog = 0
>                  log file = /var/log/samba/log.%U
>                  max log size = 100000
>                  time server = Yes
>                  socket options = TCP_NODELAY SO_RCVBUF=8192 
> SO_SNDBUF=8192
>                  mangling method = hash2
>                  Dos charset = 850
>                  Unix charset = ISO8859-1
>
> # Browser-election settings for the PDC role: domain master browser with
> # an os level (65) above REMOTE1's (40), so this host wins elections.
>                  local master = Yes
>                  domain logons = Yes
>                  domain master = Yes
>                  os level = 65
>                  preferred master = Yes
> # Duplicate of the "wins support = yes" above; harmless because both
> # agree, but keep a single copy.
>                  wins support = yes
>
> # Account database in the local LDAP server. The bind password for the
> # admin DN is not in this file (stored in secrets.tdb via smbpasswd -w).
>                  passdb backend = ldapsam:ldap://127.0.0.1
>                  ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>                  ldap suffix = dc=newdom,dc=ldm
>                  ldap group suffix = ou=Groups
>                  ldap user suffix = ou=Users
>                  ldap machine suffix = ou=Computers
>                  ldap idmap suffix = ou=Idmap
>
> # Provisioning hooks, run as root by smbd with %u/%g substituted. Note
> # that "delete group script" is disabled here but enabled on REMOTE1.
>                  add user script = /usr/sbin/smbldap-useradd -m "%u"
>                  ldap delete dn = Yes
>                  delete user script = /usr/sbin/smbldap-userdel "%u"
>                  add machine script = /usr/sbin/smbldap-useradd -t 0 
> -w "%u"
>                  add group script = /usr/sbin/smbldap-groupadd -p "%g"
>                  #delete group script = /usr/sbin/smbldap-groupdel 
> "%g"
>                  add user to group script = /usr/sbin/smbldap-groupmod 
> -m "%u" "%g"
>                  delete user from group script = 
> /usr/sbin/smbldap-groupmod -x "%u"
> "%g"
>                  set primary group script = /usr/sbin/smbldap-usermod 
> -g '%g' '%u'
>
> [shared]
> # Writable by every authenticated account: "security = user" with no
> # "valid users" list means any domain user can create files here.
> # Add "valid users = @<group>" if access should be narrower.
>                  comment = shared directory
>                  path = /dat
>                  browseable = yes
>                  read only = no
> # Group-writable, no world access: new files 0660, new directories 0770.
>                  create mask = 0660
>                  directory mask = 0770
>
>
> ############ smb.conf - REMOTE1   #############################
>
> [global]
>                  workgroup = NEWDOM
>                  netbios name = REMOTE1
> # Every client must authenticate as a known account; no guest mapping is
> # configured anywhere in this file.
>                  security = user
>                  enable privileges = yes
>                  interfaces = 192.168.1.254 127.0.0.1
> # With "hosts allow" disabled there is no host-based access check, and
> # "interfaces" alone does not restrict accepted addresses unless
> # "bind interfaces only = yes" is also set. The disabled list also names
> # 10.8.0.0/24, presumably the VPN tunnel network - confirm before
> # re-enabling the line.
> #        hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
> 10.8.0.0/24 127.0.0.1
> # Registers this host's NetBIOS names with the HEADOFFICE WINS server;
> # this, not "wins proxy", is what should make REMOTE1 resolvable from
> # the other subnet.
>                  wins server = 192.168.0.1
> # "wins proxy" only answers broadcast name queries on the local subnet
> # on behalf of the WINS server; it does not push anything upstream.
>                  wins proxy = yes
>                  username map = /etc/samba/smbusers
> # NOTE(review): order differs from HEADOFFICE ("wins hosts bcast") -
> # probably unintended; align the two sides.
>                  name resolve order  = wins bcast hosts
>                  server string = Samba Server %v
>                  encrypt passwords = Yes
> # Clear-text LDAP; acceptable only because the backend below is on
> # loopback. Enable TLS before pointing it at a remote directory server.
>                  ldap ssl = no
>                  unix password sync = yes
>                  ldap passwd sync = no
> # Run as root by smbd with the user name substituted for %u; the quotes
> # keep the name a single argument.
>                  passwd program = /usr/sbin/smbldap-passwd -u "%u"
> # NOTE(review): apparent unbalanced trailing quote, as on HEADOFFICE -
> # verify with testparm.
>                  passwd chat = "Changing *\nNew password*" %n\n 
> "*Retype new
> password*" %n\n"
>
>                  log level = 0
>                  syslog = 0
>                  log file = /var/log/samba/log.%U
>                  max log size = 100000
>                  time server = Yes
>                  socket options = TCP_NODELAY SO_RCVBUF=8192 
> SO_SNDBUF=8192
>                  mangling method = hash2
>                  Dos charset = 850
>                  Unix charset = ISO8859-1
>
> # BDC role: local master browser on its own subnet, never domain master;
> # os level 40 loses elections to HEADOFFICE (65).
>                  local master = Yes
>                  domain logons = Yes
>                  domain master = no
>                  os level = 40
>                  preferred master = no
>
> # Replicated LDAP copy on loopback; the admin DN password lives in
> # secrets.tdb (smbpasswd -w), not in this file.
>                  passdb backend = ldapsam:ldap://127.0.0.1
>                  ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>                  ldap suffix = dc=newdom,dc=ldm
>                  ldap group suffix = ou=Groups
>                  ldap user suffix = ou=Users
>                  ldap machine suffix = ou=Computers
>                  ldap idmap suffix = ou=Idmap
>
> # Provisioning hooks, run as root by smbd with %u/%g substituted. Unlike
> # HEADOFFICE, "delete group script" is enabled here; keep both sides in
> # step so account lifecycle behaves the same whichever DC handles it.
>                  add user script = /usr/sbin/smbldap-useradd -m "%u"
>                  ldap delete dn = Yes
>                  delete user script = /usr/sbin/smbldap-userdel "%u"
>                  add machine script = /usr/sbin/smbldap-useradd -t 0 
> -w "%u"
>                  add group script = /usr/sbin/smbldap-groupadd -p "%g"
>                  delete group script = /usr/sbin/smbldap-groupdel "%g"
>                  add user to group script = /usr/sbin/smbldap-groupmod 
> -m "%u" "%g"
>                  delete user from group script = 
> /usr/sbin/smbldap-groupmod -x "%u"
> "%g"
>                  set primary group script = /usr/sbin/smbldap-usermod 
> -g '%g' '%u'
>
> [test]
> # "read only" is not set, so Samba's default (read only = yes) applies:
> # this share is read-only for every user.
>              comment = test share
>              path = /test
>              browseable = yes
>
>


