[Samba] getent not working after installing firewall

L.P.H. van Belle belle at bazuin.nl
Tue Mar 5 09:03:46 UTC 2019 

Hai Peter, 

Chipping in here. 

> >
> Hi Rowland,
> 
> You are right about firewall boxes. At least Cisco ASA is a terribly 
> (over) complicated device. People who are not Cisco pros should be 
> warned. Stay away, you will just waste your time, get frustrated, and 
> get sleepless nights.
> 
> I don't blame the Cisco ASA here. In my case, I hadn't much 
> choice. The 
> management wants network connection with Apple stuff. The only 
> reasonable solution I found was Cisco AnyConnect. Just 
> recently, I found 
> that OpenVPN works with Apple devices at the moment (no guarantee for 
> the future, seems to be an on/off type relationship between Apple and 
> OpenVPN). So I've ordered a Linux based router/firewall with 
> OpenVPN to 
> replace the Cisco stuff. Hope the ON-relationship stays for 
> the next few 
> iOS updates...
> 
> Best regards,
> 
> Peter
> 

I totaly get this.. I "also" did have 1 Cisco ASA, but, after 1 year, i removed it and put in shelve.

Why, yes, the Cisco has a great future set, but for every future you need get set contracts. 
And I dont like all the Cisco contracts, (and backdoors...)
After 1 year, i could not even get a new firmware, because i did not have a support contract. 
... WHAT.. No firmware because i dont want a support contract.. Hell no..  so bye bye cisco..
Never ever ever a Cisco for me.. 
If you want simple but good, look at draytek. More advanced, juniper, opensouce pfsence

What you want is Strongswan + openvpn. 
I've a strongswan roadwarrior setup, compatible with win7-10/IOS/Android use  strongswan app
All the client OS are native supporting the vpn setup.
And openvpn as backup, for network not supporting ipsec passthrough. 

Or, install pfsence, does the same as the cisco and probley more. 

You want apple stuff.. Install avahi on every server, samba/cups etc, should work out of the box. 
Airprinting through cups works fine here, that needs some work, but im running it about 2 years now. 

If you want info about above just pm me, no problem. 

Greetz, 

Louis

More information about the samba mailing list