[Samba] getent not working after installing firewall

Peter Milesson miles at atmos.eu
Tue Mar 5 09:44:53 UTC 2019



On 05.03.2019 10:03, L.P.H. van Belle via samba wrote:
> Hai Peter,
>
> Chipping in here.
>
>> Hi Rowland,
>>
>> You are right about firewall boxes. At least Cisco ASA is a terribly
>> (over) complicated device. People who are not Cisco pros should be
>> warned. Stay away, you will just waste your time, get frustrated, and
>> get sleepless nights.
>>
>> I don't blame the Cisco ASA here. In my case, I hadn't much
>> choice. The
>> management wants network connection with Apple stuff. The only
>> reasonable solution I found was Cisco AnyConnect. Just
>> recently, I found
>> that OpenVPN works with Apple devices at the moment (no guarantee for
>> the future, seems to be an on/off type relationship between Apple and
>> OpenVPN). So I've ordered a Linux based router/firewall with
>> OpenVPN to
>> replace the Cisco stuff. Hope the ON-relationship stays for
>> the next few
>> iOS updates...
>>
>> Best regards,
>>
>> Peter
>>
> I totaly get this.. I "also" did have 1 Cisco ASA, but, after 1 year, i removed it and put in shelve.
>
> Why, yes, the Cisco has a great future set, but for every future you need get set contracts.
> And I dont like all the Cisco contracts, (and backdoors...)
> After 1 year, i could not even get a new firmware, because i did not have a support contract.
> ... WHAT.. No firmware because i dont want a support contract.. Hell no..  so bye bye cisco..
> Never ever ever a Cisco for me..
> If you want simple but good, look at draytek. More advanced, juniper, opensouce pfsence
>
> What you want is Strongswan + openvpn.
> I've a strongswan roadwarrior setup, compatible with win7-10/IOS/Android use  strongswan app
> All the client OS are native supporting the vpn setup.
> And openvpn as backup, for network not supporting ipsec passthrough.
>
> Or, install pfsence, does the same as the cisco and probley more.
>
> You want apple stuff.. Install avahi on every server, samba/cups etc, should work out of the box.
> Airprinting through cups works fine here, that needs some work, but im running it about 2 years now.
>
> If you want info about above just pm me, no problem.
>
> Greetz,
>
> Louis
>
>
Hi Louis,

Thanks for you kind offer! I totally concur with your opinion about Cisco.

I needed something really simple for the iOS, and at the moment of 
choice, there was only Cisco AnyConnect that fulfilled the criteria. 
Presently, I have already replaced AnyConnect with OpenVPN, just routing 
it through the ASA to a couple of internal OpenVPN servers. The 
management don't do fancy stuff like printing (:-o) it's just about 
e-mail access.

I had a look at Draytek, looks good, but the distribution here in 
Czechia seems to be very patchy. At the moment my needs are quite 
simple, just routing, standard firewalling, NATing, and VPN. I have an 
old PC/router with Linux and iptables laying around, but I need more 
than 6 ethernet ports, which makes a commercial router the only 
reasonable choice. A bit off topic ;-)

Best regards,

Peter




More information about the samba mailing list