[Samba] Cross subnet browsing + OpenVPN

Julian Pilfold-Bagwell jpb at bordengrammar.kent.sch.uk
Fri Jul 9 03:37:30 MDT 2010


Sorry about the delay, family emergency to deal with.

From what I understand, the remote announce tells the WINS server to
broadcast across the remote subnets and remote browse sync shares the
info across them.  I tried putting the specific IP addresses of the
local master browsers into the browse sync but it still doesn't seem to
spread everything across all the subnets.

On 06/07/10 13:50, tms3 at tms3.com wrote:
>
>
> SNIP
>>
>> Hi All,
>>
>> I'm having a problem with cross subnet browsing and name resolution
>> across an openvpn tunnel. I've found quite a few people who've had the
>> same on mail lists but none of their fixes have worked. The specs of the
>> setups at both ends of the tunnel are as follows:
>          "remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
>           remote browse sync = 192.168.1.255 192.168.2.255"
>
> This looks odd to me.
>
> remote announce = <wins server ip>/<DOMNAME>
> remote browse sync = <wins server ip>
>
> NEEDED in both smb.conf
>
> wins server = <wins server ip>
>
> Can't remember default for this setting sooooo
>
> enhanced browsing = Yes
>
> in both smb.conf
>
>
> DHCP should point clients to headoffice for WINS.  WINS proxy is not 
> useful.
>>
>>
>> OS - CentOS 5.5
>> Samba Version 3.5.4
>> OpenVPN Version 2.0.9-1
>>
>> Each server is configured in gateway mode with two NICs, one to the lan
>> and the other to a modem/router. The first machine, HEADOFFICE, has an
>> internal IP address of 192.168.0.1 and an external of 192.168.10.4. The
>> second machine, REMOTE1, has an internal address of 192.168.1.254 and an
>> external of 192.168.20.4.
>>
>> On openVPN, I have configured client to client and routes and iroutes to
>> allow machines on each network to ping machines at the other end as well
>> as the server IPs.
>> So far so good and I can ping any machine on either subnet from anywhere
>> and get a reply. The servers are configured as Samba servers with the
>> HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
>> machine configured as a BDC and WINS proxy. In order to maintain logon
>> facilities in the event of broadband failure, I have replicated the LDAP
>> server from HEADOFFICE to REMOTE1 and updates and password changes
>> propagate successfully from one site to the other.
>>
>> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
>> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
>> fails on name resolution while
>> entering \\192.168.1.254\ brings up Windows Explorer and a list of 
>> shares.
>>
>> I've included the remote browse entries in smb.conf on the PDC and have
>> WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
>> back to the WINS server.
>> Port scanning the internal IP of each machine from the other end of the
>> tunnel returns a full set of open ports for the services I'm using but no
>> IP.
>>
>> If anyone can spot what I'm doing wrong I'd be grateful.
>>
>> Thanks.
>>
>> ################ smb.conf - HEADOFFICE ################
>> ### Included 2nd subnet for second remote site in browse sync
>>
>> [ global]
>>           workgroup = NEWDOM
>>           netbios name = HEADOFFICE
>>           security = user
>>           enable privileges = yes
>>           interfaces = 192.168.0.1 127.0.0.1
>> # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
>>           remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
>>           remote browse sync = 192.168.1.255 192.168.2.255
>>           wins support = yes
>>           name resolve order = wins hosts bcast
>>           username map = /etc/samba/smbusers
>>           server string = Samba Server %v
>>           encrypt passwords = Yes
>>           ldap ssl = no
>>           unix password sync = yes
>>           ldap passwd sync = no
>>           passwd program = /usr/sbin/smbldap-passwd -u "%u"
>>           passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>
>> # public = yes
>> # browseable = yes
>> # lm announce = yes
>> # browse list = yes
>> # auto services = yes
>>
>>           log level = 3
>>           syslog = 0
>>           log file = /var/log/samba/log.%U
>>           max log size = 100000
>>           time server = Yes
>>           socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>           mangling method = hash2
>>           Dos charset = 850
>>           Unix charset = ISO8859-1
>>
>>           local master = Yes
>>           domain logons = Yes
>>           domain master = Yes
>>           os level = 65
>>           preferred master = Yes
>>           wins support = yes
>>
>>           passdb backend = ldapsam:ldap://127.0.0.1
>>           ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>>           ldap suffix = dc=newdom,dc=ldm
>>           ldap group suffix = ou=Groups
>>           ldap user suffix = ou=Users
>>           ldap machine suffix = ou=Computers
>>           ldap idmap suffix = ou=Idmap
>>
>>           add user script = /usr/sbin/smbldap-useradd -m "%u"
>>           ldap delete dn = Yes
>>           delete user script = /usr/sbin/smbldap-userdel "%u"
>>           add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>>           add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>           #delete group script = /usr/sbin/smbldap-groupdel "%g"
>>           add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>           delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>           set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>
>> [shared]
>>           comment = shared directory
>>           path = /dat
>>           browseable = yes
>>           read only = no
>>           create mask = 0660
>>           directory mask = 0770
>>
>>
>> ############ smb.conf - REMOTE1 #############################
>>
>> [global]
>>           workgroup = NEWDOM
>>           netbios name = REMOTE1
>>           security = user
>>           enable privileges = yes
>>           interfaces = 192.168.1.254 127.0.0.1
>> # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 10.8.0.0/24 127.0.0.1
>>           wins server = 192.168.0.1
>>           wins proxy = yes
>>           username map = /etc/samba/smbusers
>>           name resolve order = wins bcast hosts
>>           server string = Samba Server %v
>>           encrypt passwords = Yes
>>           ldap ssl = no
>>           unix password sync = yes
>>           ldap passwd sync = no
>>           passwd program = /usr/sbin/smbldap-passwd -u "%u"
>>           passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>
>>           log level = 0
>>           syslog = 0
>>           log file = /var/log/samba/log.%U
>>           max log size = 100000
>>           time server = Yes
>>           socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>           mangling method = hash2
>>           Dos charset = 850
>>           Unix charset = ISO8859-1
>>
>>           local master = Yes
>>           domain logons = Yes
>>           domain master = no
>>           os level = 40
>>           preferred master = no
>>
>>           passdb backend = ldapsam:ldap://127.0.0.1
>>           ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>>           ldap suffix = dc=newdom,dc=ldm
>>           ldap group suffix = ou=Groups
>>           ldap user suffix = ou=Users
>>           ldap machine suffix = ou=Computers
>>           ldap idmap suffix = ou=Idmap
>>
>>           add user script = /usr/sbin/smbldap-useradd -m "%u"
>>           ldap delete dn = Yes
>>           delete user script = /usr/sbin/smbldap-userdel "%u"
>>           add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>>           add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>           delete group script = /usr/sbin/smbldap-groupdel "%g"
>>           add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>           delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>           set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>
>> [test]
>>         comment = test share
>>         path = /test
>>         browseable = yes
>>
>>
>
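An added example, not code from the thread or from Samba: a small Python checker that parses an smb.conf of the shape posted above and flags the settings the reply calls out (subnet broadcast addresses in remote announce / remote browse sync instead of the WINS server IP, a missing wins server on a host that is not the WINS server, and wins proxy enabled). The sample config is a constructed, trimmed copy of the HEADOFFICE settings and the WINS server IP 192.168.0.1 is taken from the thread; the check encodes the reply's advice, not a Samba rule.

```python
import re
# Constructed sample modelled on the HEADOFFICE config in the thread (trimmed, not the full file).
SAMPLE_SMB_CONF = """
[ global]
          workgroup = NEWDOM
          netbios name = HEADOFFICE
# hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1
          remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
          remote browse sync = 192.168.1.255 192.168.2.255
          wins support = yes
          Wins Proxy = yes
[shared]
          path = /dat
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}. Samba ignores case and
    whitespace in section and parameter names, so keys are normalised the same way."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = re.sub(r"\s+", "", line[1:-1]).lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

TRUE_VALUES = ("yes", "true", "1", "on")   # Samba boolean spellings

def check_browsing(conf, wins_server_ip):
    """Findings following the reply's advice: remote announce / remote browse sync should
    name the WINS server, a non-WINS host needs 'wins server', and 'wins proxy' is not useful."""
    g = conf.get("global", {})
    findings = []
    for param in ("remoteannounce", "remotebrowsesync"):
        for target in g.get(param, "").split():
            host = target.split("/")[0]            # drop the /WORKGROUP suffix
            if host.endswith(".255"):
                findings.append(f"{param}: {host} is a broadcast address, expected {wins_server_ip}")
    if g.get("winssupport", "no").lower() not in TRUE_VALUES and "winsserver" not in g:
        findings.append("wins server is not set on a host that is not the WINS server")
    if g.get("winsproxy", "no").lower() in TRUE_VALUES:
        findings.append("wins proxy = yes is not useful; point clients at the WINS server via DHCP")
    return findings
```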