resend as original did not post in the last 36 hours

---------- Forwarded message ----------
From: Bill Ries-Knight <[EMAIL PROTECTED]>
Date: Jan 14, 2007 12:00 AM
Subject: Active directory not working across openvpn tunnel
To: samba@lists.samba.org

Network is

192.168.1.x office -->"HSP" domain -->small business server and exchange host
Linux server
openvpn tunnel
Linux server
192.168.19.x 192.168.10.x "CRAGMART" domain -->school-->small business server

I had to replace the Linux server on the office side. We now have most services except Active Directory stuff, and can only see the local domain from either side.

Browsing by IP across the tunnel to the other domain in either direction brings up a logon request, but the username is not accepted on the other side. The local domain is expected to provide credentials.

From HSP I try to log on to a CRAGMART workstation with a username that is valid on both active server domains as an entry on both servers. I have a return for HSP/username. I cannot authenticate.

In the other direction I will get a logon request from CRAGMART to an HSP workstation and it will return CRAGMART/username. I cannot authenticate.

Looking at syslog I get the following:

Jan 13 23:31:51 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:51 router winbindd[21809]: [2007/01/13 23:31:51, 0] libsmb/namequery.c:getlmhostsent(681)
Jan 13 23:31:51 router winbindd[21809]: getlmhostsent: Ill formed hosts line [127.0.0.0]
Jan 13 23:31:53 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:55 router last message repeated 2 times
Jan 13 23:31:56 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191

System specifics.

OFFICE
Debian Etch 192.168.1.1

mail:/# smbd -V :: Version 3.0.23d

mail:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost mail
192.168.1.1 ntserver.mail.XXXX..org
XX.XX.21.78 mail.XXXX.org
192.168.1.3 server
192.168.19.3 cserver
192.168.1.1 router.hsp.local router ntserver ntserver.hsp.local mail
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

SCHOOL
Fedora Core 4 192.168.19.1

[EMAIL PROTECTED] ~]# smbd -V :: Version 3.0.14a-2

[EMAIL PROTECTED] ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 ntserver.cragmart.local localhost.localdomain localhost filter.cragmart.local filter
192.168.1.9 jukebox

--
--
Bill Ries-Knight
Stockton, CA

Respect the process, Vote.
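
An added example, not part of the original post: a tally of the firewall REJECT lines from the syslog excerpt by protocol and destination port, counting each syslog "last message repeated" line as repeats of the line before it. The function names and the port labels (standard NetBIOS/SMB port assignments) are supplied here and are not taken from the post.

```python
import re
from collections import Counter

# Standard port assignments for Windows networking traffic (labels added here).
PORT_LABELS = {137: "NetBIOS name service", 138: "NetBIOS datagram service",
               139: "NetBIOS session service", 445: "SMB over TCP"}
KV = re.compile(r"\b([A-Z]+)=(\S*)")          # netfilter LOG key=value pairs
REPEAT = re.compile(r"last message repeated (\d+) times")

# Syslog lines copied from the post above (addresses redacted as in the post).
SAMPLE = """\
Jan 13 23:31:51 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:51 router winbindd[21809]: [2007/01/13 23:31:51, 0] libsmb/namequery.c:getlmhostsent(681)
Jan 13 23:31:51 router winbindd[21809]: getlmhostsent: Ill formed hosts line [127.0.0.0]
Jan 13 23:31:53 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 13 23:31:55 router last message repeated 2 times
Jan 13 23:31:56 router kernel: REJECT INPUT IN=eth0 OUT= MAC= SRC=XX.XX.21.78 DST=XX.XX.21.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=138 DPT=138 LEN=191
"""

def parse_reject(line):
    """Return (proto, destination port) for a firewall REJECT line, else None."""
    if "REJECT INPUT" not in line:
        return None
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)         # LEN occurs twice; keep the first
    if "PROTO" not in fields or not fields.get("DPT", "").isdigit():
        return None
    return fields["PROTO"], int(fields["DPT"])

def summarize(log_text):
    """Count rejected packets per (proto, port), expanding syslog repeats."""
    counts, previous = Counter(), None
    for line in log_text.splitlines():
        repeat = REPEAT.search(line)
        if repeat:
            if previous:                      # repeats of the preceding REJECT
                counts[previous] += int(repeat.group(1))
            continue
        previous = parse_reject(line)
        if previous:
            counts[previous] += 1
    return counts

def report(counts):
    return [f"{n} x {proto}/{port} rejected ({PORT_LABELS.get(port, 'unlabelled')})"
            for (proto, port), n in sorted(counts.items())]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```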