[Samba] Odd VPN connectivity problem
gerdesj at blueloop.net
Thu Nov 19 11:29:07 UTC 2020
On Thu, 2020-11-19 at 10:48 +0100, Marco Gaiarin via samba wrote:
> Hello! Jon Gerdes via samba
> On that day it was said...
> > I think that winbind is binding to an address and claiming to be the wrong one when the VPN is running and hence
> > breaking things. I've tried "bind interfaces only" but that does not work.
> OpenVPN and Samba on the same host? If yes, probably you have to do
> some sort of SNAT...
Thanks for the responses,

I've just re-read man smb.conf and "bind interfaces only" mentions smbd and nmbd. Perhaps winbind ignores it. I am now
guessing but it looks like winbind happily chatters CLDAP over UDP which is connectionless by definition but when it
switches to TCP for LDAP it:

* Opens a local socket which is on a "real" interface and sends that out, the VPN sends it and becomes the source IP
* The SYN-ACK comes back (the other end doesn't care)
* An RST is sent because there is no listening socket on the tun interface

I think I have painted myself into a corner! It looks like SNAT is needed or a feature request/bug for winbind. My
other option is to turn my OpenVPN connection into the opposite of the usual split tunnel or perhaps switch to IPSEC.
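
One way to check the SYN / SYN-ACK / RST sequence guessed at in the message above against a packet capture, as an added example that is not part of the original post: it scans `tcpdump -nn` style lines and reports connections where the SYN sender answers the SYN-ACK with an RST instead of completing the handshake. The capture lines, addresses and ports are constructed for illustration, and the function name is hypothetical.

```python
import re

# Constructed sample in the style of `tcpdump -nn` output (not from the post).
# 10.8.0.6 stands in for the tun address, 192.0.2.10 for the remote server.
SAMPLE = """\
11:29:01.000100 IP 10.8.0.6.49152 > 192.0.2.10.389: Flags [S], seq 100, length 0
11:29:01.020300 IP 192.0.2.10.389 > 10.8.0.6.49152: Flags [S.], seq 900, ack 101, length 0
11:29:01.020400 IP 10.8.0.6.49152 > 192.0.2.10.389: Flags [R], seq 101, length 0
11:29:02.000100 IP 10.8.0.6.49160 > 192.0.2.10.445: Flags [S], seq 200, length 0
11:29:02.020300 IP 192.0.2.10.445 > 10.8.0.6.49160: Flags [S.], seq 700, ack 201, length 0
11:29:02.020400 IP 10.8.0.6.49160 > 192.0.2.10.445: Flags [.], ack 701, length 0
11:29:05.000000 IP 10.8.0.6.49160 > 192.0.2.10.445: Flags [R.], seq 201, ack 701, length 0
"""

# src.port > dst.port: Flags [..]  (IPv4 form of tcpdump's one-line summary)
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def find_reset_handshakes(capture):
    """Return (client, server) pairs where the SYN sender reset the
    connection right after the SYN-ACK, so the handshake never completed."""
    state = {}  # (client, server) -> "syn" | "synack" | "open"
    hits = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src = f"{m.group(1)}:{m.group(2)}"
        dst = f"{m.group(3)}:{m.group(4)}"
        flags = m.group(5)
        if flags == "S":
            state[(src, dst)] = "syn"
        elif flags == "S." and state.get((dst, src)) == "syn":
            state[(dst, src)] = "synack"
        elif "R" in flags and state.get((src, dst)) == "synack":
            hits.append((src, dst))  # RST in reply to the SYN-ACK
            del state[(src, dst)]
        elif state.get((src, dst)) == "synack":
            state[(src, dst)] = "open"  # client ACKed: normal handshake
    return hits


if __name__ == "__main__":
    for client, server in find_reset_handshakes(SAMPLE):
        print(f"handshake reset by initiator: {client} -> {server}")
```

The second flow in the sample completes its handshake and is reset later, so it is not reported; only an RST sent directly in answer to the SYN-ACK matches.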