[Samba] msdfs proxy question

Michael Wilke m at 1982.cc
Mon Feb 4 01:07:04 MST 2013


Hi Daniel,

that is exactly the problem, the samba server has an OpenVPN server, but
the VPN user group includes people who are not directly working for the
company so they shouldn't have access to the internal network.

So even if I could set up the samba box as gw and limit the access to
the file server by firewall rules, I'm not sure I can restrict the
access to the file server itself and they could see way more than
what they should.

Is there any other possibility to do that? 



On Mon, 2013-02-04 at 08:33 +0100, Daniel Müller wrote:
> If you have no route to the network nothing will work.
> Samba is not a gateway, nor does it do VPN connections or something like that.
> If your second network is an external one you will be better in the first
> with openvpn, and set your routes to your needs.
> If your second network is internal you need to set up a gateway that can be
> reached from both networks.
> 
> Good Luck
> Daniel
> 
> 
> -----------------------------------------------
> IT Daniel Müller
> 
> Head of IT
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> 
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
> behalf of Michael Wilke
> Sent: Monday, 4 February 2013 08:05
> To: samba at lists.samba.org
> Subject: [Samba] msdfs proxy question
> 
> Hi List,
> 
> I am struggling a little bit with the msdfs proxy parameter.
> 
> I want the samba server as a kind of a bridge between two networks, that the
> samba server only shares some of the shares provided by our file server to a
> second network. 
> I don't want the samba srv to be a gw or give the clients a route to the
> internal network, because it is a totally different user group.
> 
> I first tried to do so with an msdfs root directory and symlinks but for
> sure it didn't work, because the clients don't have a route to the source
> server. 
> 
> But msdfs proxy doesn't work either:
> 
> smb.conf:
> -------
> [software-new]
>         msdfs root = yes
>         msdfs proxy= \gunter\software
> 
> -------
> 
> When I try to access the share from a computer in the sec. network the log
> shows:
> 
> -------
> Client requested device type [?????] for share [SOFTWARE-NEW] refusing
> connection to dfs proxy share 'software-new' (pointing to
> \gunter\software)
> error packet at smbd/reply.c(803) cmd=117 (SMBtconX)
> NT_STATUS_BAD_NETWORK_NAME
> -------
> 
> The server is accessible from the samba box and smbclient connects fine:
> 
> root@samba:~# smbclient -L '\\gunter' -U 'DOMAIN\micha'
> WARNING: The "idmap uid" option is deprecated
> WARNING: The "idmap gid" option is deprecated
> Enter DOMAIN\micha's password:
> 
> Domain=[DOMAIN] OS=[Windows Server 2003 R2 3790 Service Pack 2]
> Server=[Windows Server 2003 R2 5.2]
> 
> 	Sharename       Type      Comment
> 	---------       ----      -------
> 	...
> 	software        Disk      Software
> 	...
> 
> 
> If I access the msdfs share from the sec. network (10.10.12.0) with an IP in
> the first network (10.10.10.0) then the connection redirects me to the
> gunter server and everything works, but I need a "proxy" not a standard
> msdfs redirect. 
> 
> Any advice appreciated
> 
> Michael
> 
> 
> 
> 
> 

-- 
Michael Wilke
HoD Advisor IT and General Service Department
NIMR - Mbeya Medical Research Center (MMRC)
P.O. Box 2410
Mbeya - Tanzania
Mobile: +255 684 700 979 (Airtel TZ)
E-Mail: mw at nimr-mmrc.org
Internet: http://www.nimr-mmrc.org/ 


