[Samba] Odd VPN connectivity problem

Jon Gerdes gerdesj at blueloop.net
Thu Nov 19 11:29:07 UTC 2020

On Thu, 2020-11-19 at 10:48 +0100, Marco Gaiarin via samba wrote:
> Hello! Jon Gerdes via samba
>   on that day wrote...
> > I think that winbind is binding to an address and claiming to be the wrong one when the VPN is running and hence
> > breaking things. I've tried "bind interfaces only" but that does not work.
> OpenVPN and Samba on the same host? If yes, probably you have to do
> some sort of SNAT...

Thanks for the responses,

I've just re-read the smb.conf man page, and "bind interfaces only" mentions only smbd and nmbd. Perhaps winbind ignores it. I am now
guessing, but it looks like winbind happily chatters CLDAP over UDP, which is connectionless by definition, but when it
switches to TCP for LDAP it:

* Opens a local socket which is on a "real" interface and sends from that; the VPN carries it, and that address becomes the source IP
* The SYN-ACK comes back (the other end doesn't care)
* An RST is sent because there is no listening socket on the tun interface

I think I have painted myself into a corner! It looks like SNAT is needed, or a feature request/bug for winbind. My
other option is to turn my OpenVPN connection into the opposite of the usual split tunnel, or perhaps switch to IPsec.
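One way to check for the condition suspected above (a winbindd TCP socket whose bound local address is not the source the kernel would choose for the route to the DC) is to compare `ss -Htnp` against `ip -o route get`. This is an added example, not code from the thread or from Samba; the ss and route outputs below are constructed, the addresses are documentation ranges, and the function and variable names are the example's own.

```python
import re
import subprocess

# Constructed sample of `ss -Htnp` output: two winbindd LDAP sessions to the same DC,
# one bound to the LAN address, one to the tunnel address (example addresses only).
SAMPLE_SS = """\
ESTAB 0 0 192.0.2.10:48122 198.51.100.5:389 users:(("winbindd",pid=1234,fd=21))
ESTAB 0 0 10.8.0.2:48130 198.51.100.5:389 users:(("winbindd",pid=1234,fd=22))
"""

# Constructed `ip -o route get <dst>` output: the DC is reached via tun0, so the
# kernel's preferred source address for that destination is the tunnel address.
SAMPLE_ROUTE = {
    "198.51.100.5": "198.51.100.5 dev tun0 src 10.8.0.2 uid 0 \\    cache",
}

SS_RE = re.compile(
    r'^\S+\s+\d+\s+\d+\s+(?P<laddr>[\d.]+):(?P<lport>\d+)\s+'
    r'(?P<raddr>[\d.]+):(?P<rport>\d+)\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_ss(text):
    """Yield (process, local_ip, remote_ip, remote_port) from ss -Htnp style lines."""
    for line in text.splitlines():
        m = SS_RE.match(line)
        if m:
            yield m["proc"], m["laddr"], m["raddr"], int(m["rport"])


def route_src(dst, lookup=None):
    """Source address the kernel would pick for dst (the 'src' field of ip route get).
    If lookup is a dict it is used as a stand-in for running ip(8), for offline use."""
    if isinstance(lookup, dict):
        out = lookup[dst]
    else:
        out = subprocess.check_output(["ip", "-o", "route", "get", dst], text=True)
    m = re.search(r"\bsrc\s+([\d.]+)", out)
    return m.group(1) if m else None


def find_mismatches(ss_text, lookup=None, proc="winbindd", port=389):
    """Return (local_ip, remote_ip, route_src) for sockets of proc to port whose
    bound local address differs from the route's preferred source; these are the
    sessions that would need SNAT (or a tunnel-bound socket) to get replies back."""
    bad = []
    for p, laddr, raddr, rport in parse_ss(ss_text):
        if p != proc or rport != port:
            continue
        src = route_src(raddr, lookup)
        if src and src != laddr:
            bad.append((laddr, raddr, src))
    return bad
```

On a live host, call `find_mismatches(subprocess.check_output(["ss", "-Htnp"], text=True))` as root; an empty list means every winbindd LDAP socket already uses the address the route would choose.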


