I noticed this book in a local book store this weekend. Might help you out?
http://safari.oreilly.com/main.asp?bookname=samba > The problem I have is that I am looking at LEAF as an option for small > offices, warehouses, etc. to access resources on corporate networks. I deal > with quite large enterprises. One of them has a huge network of over 25,000 > servers in dozens of domains, all with trust relationships. Users want to > be able to run logon scripts which will map their most commonly used > drives, but also to browse this huge network so they can find and access > other resources anywhere in the world. It all makes for a rather large > complicated browse list. > > It is a tough first routed SMB problem to solve, but once I get it working > other networks should be a bit easier. > > I have to say that Charles experiences and expertise make this job a whole > lot easier. Thanks Charles. > > Best Regards, > > Roger McClurg > [EMAIL PROTECTED] > > > > > > Brock Nanson > > <bnanson To: [EMAIL PROTECTED] > > @true.bc.ca> cc: Roger E McClurg/CEG/CSC@CSC > > Subject: RE:[Leaf-user] NT > networking over LEAF IPSEC VPN > 04/19/2002 > > 06:01 PM > > > > > > > > > > Roger, > > I may have been one of those who replied on the FreeS/WAN list. Your > posting has actually prompted me to revisit the whole issue. In brief, > I think I said that the transfer speeds were fine so long as WINS and > browsing was left out of the equation. At least that seems to be the > case. However, as you know, this precludes using network neighbourhood. > > Do you need free run of network neighbourhood, or could you get by with > several mapped drives? These could be done automagically with a logon > script. > > If you want to do some testing, contact me off-list and we can set up a > tunnel to try some of these things if you like (samba, wins, browsing > etc.). I have a LEAF gateway at home, but don't really want to mess > with the production ones with these tests! > > I'm suspicious that some of the speed trouble may be related to the way > smb works. If you look at the man page for dhcp-options(5) you will see > references to several netbios items. The one that caught my attention > was 'all-subnets-local' which suggested an MTU adjustment... > > Brock > > > Message: 1 > > Date: Fri, 19 Apr 2002 14:11:42 -0400 > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: [Leaf-user] NT networking over LEAF IPSEC VPN > > > > I posted the problem below on the FreeS/WAN users list and > > got a number of replies including agreement from others who > > have tried, but no one said "Hey I have NT (SMB) running > > across an IPSEC VPN". The best suggestions I got were to > > create a WINS (SAMBA) server on the remote side. I agree that > > should solve the problem, but when one talks about adding > > potentially hundreds of new SAMBA servers to a domain with > > trust relationships to thousands of servers this presents a > > big problem. > > > > The setup is simple: one or many Windows PC on the remote > > end, dozens of NT domains on the local end, and DCD-Cisco > > Router in between. Has anyone here at LEAF gotten SMB > > networking to propagate properly through an IPSEC tunnel? I > > can map drives and access file shares. > > It is s l o w but it works. What I can't do is view > > network browse > > lists, do network printing, in short almost the entire gamut of SMB. > > > > WINS information is passed by the DHCP server to the PCs. I > > have tried putting server info in LMHOSTS files. None of it > > helps. Has anyone solved this problem before? > > > > Roger > > > > -=-=-=-=--=-=-=-=-=-=-=-=-=-=-=- > > > > Date: Wed, 17 Apr 2002 12:00:47 -0400 > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: [Users] NT networking over a FreeS/WAN tunnel > > > > I am running a tunnel from a Dachstein firewall to a Cisco > > router. WINS servers are on the inside of the Cisco and > > Windows machines on the inside of the Dachstein. The Cisco > > router NATs the Tunnel addresses to routable addresses on its > > inside interface. > > > > Everything seems to be working fine through the tunnel (TCP, > > ICMP, UDP) except the NT networking. DHCP on the Dachstein > > passes the correct Wins information to the Windows PCs. I can > > logon (usually). I can map drives on servers, if I know in > > advance the server/share name. Mapped drives are horrendously > > slow. I can not browse the NT domain. I can not use network > > printers. > > > > Does anyone have a clue as to what might be the problem? > > > > Roger > > > > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
