[Samba] Cross subnet browsing + OpenVPN
Julian Pilfold-Bagwell
jpb at bordengrammar.kent.sch.uk
Fri Jul 9 03:37:30 MDT 2010
Sorry about the delay, family emergency to deal with.
From what I understand, the remote announce tells the WINS server to
broadcast across the remote subnets and remote browse sync shares the
info across them. I tried putting the specific IP addresses of the local
master browsers into the browse sync but it still doesn't seem to spread
everything across all the subnets.
On 06/07/10 13:50, tms3 at tms3.com wrote:
>
>
> SNIP
>>
>> Hi All,
>>
>> I'm having a problem with cross subnet browsing and name resolution
>> across
>> an openvpn tunnel. I've found quite a few people who've had the same on
>> mail lists but none of their fixes have worked. The spec of the setups at
>> both ends of the tunnel are as follows:
> "remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
> remote browse sync = 192.168.1.255 192.168.2.255"
>
> This looks odd to me.
>
> remote announce = <wins server ip>/<DOMNAME>
> remote browse sync = <wins server ip>
>
> NEEDED in both smb.conf
>
> wins server = <wins server ip>
>
> Can't remember default for this setting sooooo
>
> enhanced browsing = Yes
>
> in both smb.conf
>
>
> DHCP should point clients to headoffice for WINS. WINS proxy is not
> useful.
>>
>>
>> OS - CentOS 5.5
>> Samba Version 3.5.4
>> OpenVPN Version 2.0.9-1
>>
>> Each server is configured in gateway mode with two NICs, one to the lan
>> and the other to a modem/router. The first machine, HEADOFFICE, has an
>> internal IP address of
>> 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1,
>> has an internal address of 192.168.1.254 and an external of 192.168.20.4.
>>
>> On openVPN, I have configured client to client and routes and iroutes to
>> allow machines on each network to ping machines at the other end as well
>> as the server IPs.
>> So far so good and I can ping any machine on either subnet from anywhere
>> and get a reply. The servers are configured as Samba servers with the
>> HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
>> machine configured as a BDC and WINS proxy. In order to maintain logon
>> facilities in the event of broadband failure,
>> I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
>> and password changes propagate successfully from one site to the other.
>>
>> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
>> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
>> fails on name resolution while
>> entering \\192.168.1.254\ brings up Windows Explorer and a list of
>> shares.
>>
>> I've included the remote browse entries in smb.conf on the PDC and have
>> WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
>> back to the WINS server.
>> Port scanning the internal IP of each machine from the other end of the
>> tunnel returns a full set of open ports for the services I'm using but no
>> IP.
>>
>> If anyone can spot what I'm doing wrong I'd be grateful.
>>
>> Thanks.
>>
>> ################ smb.conf - HEADOFFICE ################
>> ### Included 2nd subnet for second remote site in browse sync
>>
>> [global]
>> workgroup = NEWDOM
>> netbios name = HEADOFFICE
>> security = user
>> enable privileges = yes
>> interfaces = 192.168.0.1 127.0.0.1
>> # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
>> remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
>> remote browse sync = 192.168.1.255 192.168.2.255
>> wins support = yes
>> name resolve order = wins hosts bcast
>> username map = /etc/samba/smbusers
>> server string = Samba Server %v
>> encrypt passwords = Yes
>> ldap ssl = no
>> unix password sync = yes
>> ldap passwd sync = no
>> passwd program = /usr/sbin/smbldap-passwd -u "%u"
>> passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>
>> # public = yes
>> # browseable = yes
>> # lm announce = yes
>> # browse list = yes
>> # auto services = yes
>>
>> log level = 3
>> syslog = 0
>> log file = /var/log/samba/log.%U
>> max log size = 100000
>> time server = Yes
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> mangling method = hash2
>> Dos charset = 850
>> Unix charset = ISO8859-1
>>
>> local master = Yes
>> domain logons = Yes
>> domain master = Yes
>> os level = 65
>> preferred master = Yes
>> wins support = yes
>>
>> passdb backend = ldapsam:ldap://127.0.0.1
>> ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>> ldap suffix = dc=newdom,dc=ldm
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=Users
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>>
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> ldap delete dn = Yes
>> delete user script = /usr/sbin/smbldap-userdel "%u"
>> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> #delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>
>> [shared]
>> comment = shared directory
>> path = /dat
>> browseable = yes
>> read only = no
>> create mask = 0660
>> directory mask = 0770
>>
>>
>> ############ smb.conf - REMOTE1 #############################
>>
>> [global]
>> workgroup = NEWDOM
>> netbios name = REMOTE1
>> security = user
>> enable privileges = yes
>> interfaces = 192.168.1.254 127.0.0.1
>> # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 10.8.0.0/24 127.0.0.1
>> wins server = 192.168.0.1
>> wins proxy = yes
>> username map = /etc/samba/smbusers
>> name resolve order = wins bcast hosts
>> server string = Samba Server %v
>> encrypt passwords = Yes
>> ldap ssl = no
>> unix password sync = yes
>> ldap passwd sync = no
>> passwd program = /usr/sbin/smbldap-passwd -u "%u"
>> passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>
>> log level = 0
>> syslog = 0
>> log file = /var/log/samba/log.%U
>> max log size = 100000
>> time server = Yes
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> mangling method = hash2
>> Dos charset = 850
>> Unix charset = ISO8859-1
>>
>> local master = Yes
>> domain logons = Yes
>> domain master = no
>> os level = 40
>> preferred master = no
>>
>> passdb backend = ldapsam:ldap://127.0.0.1
>> ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>> ldap suffix = dc=newdom,dc=ldm
>> ldap group suffix = ou=Groups
>> ldap user suffix = ou=Users
>> ldap machine suffix = ou=Computers
>> ldap idmap suffix = ou=Idmap
>>
>> add user script = /usr/sbin/smbldap-useradd -m "%u"
>> ldap delete dn = Yes
>> delete user script = /usr/sbin/smbldap-userdel "%u"
>> add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>> add group script = /usr/sbin/smbldap-groupadd -p "%g"
>> delete group script = /usr/sbin/smbldap-groupdel "%g"
>> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>
>> [test]
>> comment = test share
>> path = /test
>> browseable = yes
>>
>>
>
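As an added check, not part of the thread or of Samba itself: a small Python script that reads the [global] sections of the two smb.conf files quoted above and reports the cross-subnet browsing inconsistencies tms3's reply points at (the WINS proxy on REMOTE1 and the broadcast addresses in HEADOFFICE's remote browse sync). The excerpts are constructed from the thread's configs, the parser is a minimal one written here, and the ".255" test assumes the /24 subnets the thread uses.

```python
# Constructed excerpts of the thread's two smb.conf [global] sections (not the full files).
HEADOFFICE = """
[global]
workgroup = NEWDOM
interfaces = 192.168.0.1 127.0.0.1
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255
wins support = yes
"""
REMOTE1 = """
[global]
workgroup = NEWDOM
interfaces = 192.168.1.254 127.0.0.1
wins server = 192.168.0.1
wins proxy = yes
"""

def parse_smbconf(text):
    # Minimal smb.conf reader: {section: {normalised key: value}}; ignores # and ; comments.
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def check_browsing(confs):
    # Cross-check the WINS/browsing settings the thread argues about; returns a list of findings.
    findings = []
    g_all = {n: parse_smbconf(t).get("global", {}) for n, t in confs.items()}
    wins_hosts = [n for n, g in g_all.items() if g.get("wins support", "no").lower() == "yes"]
    if len(wins_hosts) != 1:
        findings.append(f"expected exactly one 'wins support = yes' host, found {wins_hosts}")
    wins_ips = {ip for n in wins_hosts for ip in g_all[n].get("interfaces", "").split()}
    for name, g in g_all.items():
        if name not in wins_hosts:
            if g.get("wins server") not in wins_ips:
                findings.append(f"{name}: 'wins server' does not point at a WINS host interface")
            if g.get("wins proxy", "no").lower() == "yes":
                findings.append(f"{name}: 'wins proxy = yes' (thread: point clients at WINS via DHCP instead)")
        for ip in g.get("remote browse sync", "").split():
            if ip.endswith(".255"):  # /24 directed broadcast, as in the thread's subnets
                findings.append(f"{name}: remote browse sync target {ip} is a broadcast address, not a server IP")
    return findings
```

Run `check_browsing({"HEADOFFICE": HEADOFFICE, "REMOTE1": REMOTE1})` to get the three findings for the thread's configs; feed it your own files' text to lint a real pair.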