OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1
Each server is configured in gateway mode with two NICs, one to the
LAN
and the other to a modem/router. The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4. The second machine,
REMOTE1,
has an internal address of 192.168.1.254 and an external of
192.168.20.4.
On openVPN, I have configured client to client and routes and iroutes
to
allow machines on each network to ping machines at the other end as
well
as the server IPs.
So far so good and I can ping any machine on either subnet from
anywhere
and get a reply. The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the
REMOTE1
machine configured as a BDC and WINS proxy. In order to
maintain
logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and
updates
and password changes propagate successfully from one site to the
other.
If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it
works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution (\\REMOTE1 is not found), while
entering \\192.168.1.254\ brings up Windows Explorer and a list of
shares.
I've included the remote browse entries in smb.conf on the PDC and
have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's
IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using
but no
IP.
If anyone can spot what I'm doing wrong I'd be grateful.
Thanks.
################ smb.conf - HEADOFFICE ################
### Included 2nd subnet for second remote site in browse sync
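# NOTE(review): the original was line-wrapped by the mailing list; each
# parameter below is restored to a single line as smb.conf requires, and
# the "wins support = yes" that appeared twice is kept only once.
[global]
workgroup = NEWDOM
netbios name = HEADOFFICE
security = user
enable privileges = yes
# LAN NIC and loopback only. Without "bind interfaces only = yes" smbd still
# listens on every address, including the router-facing NIC (192.168.10.4),
# so this line by itself does not keep SMB off the external interface.
interfaces = 192.168.0.1 127.0.0.1
# hosts allow is disabled, so smb.conf places no restriction on which hosts
# may connect; the external firewall is then the only control on TCP 139/445
# and UDP 137/138. The third network was written 194.168.2.0 in the
# original, a typo for 192.168.2.0 (the subnet used for browse sync below).
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 127.0.0.1
# Directed broadcasts to the remote subnets. Over a routed OpenVPN tun link
# these only arrive if the tunnel path forwards directed broadcasts -
# TODO confirm with a packet capture on REMOTE1.
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255
# This host is the WINS server for the domain.
wins support = yes
name resolve order = wins hosts bcast
username map = /etc/samba/smbusers
server string = Samba Server %v
encrypt passwords = Yes
# Plain LDAP is tolerable only because the backend is on loopback (see
# passdb backend); switch to "ldap ssl = start tls" before pointing it at a
# remote directory. The admin DN's bind password lives in secrets.tdb, not here.
ldap ssl = no
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
# NOTE(review): the trailing double quote after the last %n\n is unbalanced
# in the original; value kept as found - verify that a password change from
# a client actually completes.
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
# public = yes
# browseable = yes
# lm announce = yes
# browse list = yes
# auto services = yes
# Level 3 is verbose debugging output, written per user via %U; lower it
# to 1 once the browse/WINS problem is resolved.
log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# Browse-master / PDC role
local master = Yes
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
# Account database: ldapsam over loopback
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=newdom,dc=ldm
ldap suffix = dc=newdom,dc=ldm
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# smbldap-tools hooks for account management
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
# delete group script is disabled here but enabled on REMOTE1 - confirm
# which behaviour is intended so the two DCs agree.
# delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'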
# Writable shared area. There is no "valid users" list, so any account
# that can authenticate may connect; what it can do is governed only by
# the POSIX permissions on /dat together with the masks below.
[shared]
comment = shared directory
path = /dat
browsable = yes
writable = yes
# new files 0660, new directories 0770 (group-writable, no "other" bits)
create mask = 0660
directory mask = 0770
############ smb.conf - REMOTE1 #############################
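# NOTE(review): mailing-list line wrapping split several values below;
# each parameter is restored to a single line as smb.conf requires.
[global]
workgroup = NEWDOM
netbios name = REMOTE1
security = user
enable privileges = yes
# LAN NIC and loopback only. Without "bind interfaces only = yes" smbd still
# listens on every address, including the router-facing NIC (192.168.20.4).
interfaces = 192.168.1.254 127.0.0.1
# hosts allow is disabled, so nothing in smb.conf limits which hosts may
# connect; the external firewall is the only control on 139/445 and 137/138.
# 10.8.0.0/24 here is presumably the OpenVPN tunnel network - confirm.
# hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 10.8.0.0/24 127.0.0.1
# WINS server is HEADOFFICE, reached across the VPN; name registrations and
# queries to it are unicast, so they do not depend on broadcast forwarding.
wins server = 192.168.0.1
# wins proxy only answers broadcast name queries from clients on this subnet
# by asking the WINS server; it does not register other hosts' names there.
wins proxy = yes
username map = /etc/samba/smbusers
name resolve order = wins bcast hosts
server string = Samba Server %v
encrypt passwords = Yes
# Plain LDAP over loopback only (see passdb backend); use
# "ldap ssl = start tls" before pointing this at a remote directory.
ldap ssl = no
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
# NOTE(review): the trailing double quote after the last %n\n is unbalanced
# in the original; value kept as found - verify a client password change
# actually completes.
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
# Level 0 logs almost nothing, which hides the WINS/browse failure being
# debugged and leaves no audit trail on the BDC (HEADOFFICE runs at 3);
# consider 1 while troubleshooting.
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# BDC role: local master on its own subnet, never domain master
local master = Yes
domain logons = Yes
domain master = no
os level = 40
preferred master = no
# Replicated LDAP directory on loopback
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=newdom,dc=ldm
ldap suffix = dc=newdom,dc=ldm
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# smbldap-tools hooks for account management
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
# Enabled here but commented out on HEADOFFICE - confirm which behaviour is
# intended so the two DCs agree.
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'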
# Read-only test share. The original gave no "read only"/"writable" line,
# so Samba's default of read only = yes applied; it is stated explicitly.
[test]
comment = test share
path = /test
browsable = yes
read only = yes