Re: [Samba] Access shares over IPSEC
If you become a 'local' ip (eg. meaning a normal internal ip in your LAN) wins should already been covered. However you VPN concentrator or DHCP provide should forward you the ip of the wins server. To check this: use an ip from a server to connect to eg: \\SERVERIP If this works, your wins server is not forwarded. You might be able the configure this manually in the properties of your UMTS connection, however I do not know if that will work. Another issues could be the MTU of the connection. IPSEC adds some overhead to the connection so packets from the server might not reach the other side. Good luck. Barry, Christopher wrote: You could be SOL then. -Original Message- From: Michael Voss [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 28, 2006 10:30 AM To: Barry, Christopher Subject: AW: [Samba] Access shares over IPSEC Hm, but i don't no where i can this make. We connect over an IPSec-Client and here is it impossible to make WINS-entry. I become a local Ip (i.e. 192.168.10.50) and that's all. I can't see my details of the IPSec connection. I have a internet connection via UMTS and with ipconfig /all I see only the details of the UMTS-internet connection. Well it's not the preferred method, but lmhosts can do the job. windir/system32/drivers/etc/lmhosts Add any machine names that are needed. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP: What has changed between 3.0.11 and 3.0.20
Hi, I recently upgraded our PDC to Samba 3.0.20 from 3.0.11. Unfortunately the user manager (usrmgr.exe) does not show all the users anymore. I cannot find the real culprit yet, but: Oct 28 19:18:08 [slapd] conn=2886 op=8 SRCH base=ou=people,dc=aub.nl,dc=aub,dc=nl scope=2 deref=0 filter=((uid=*)(objectClass=sambaSamAccount))_ Oct 28 19:18:08 [slapd] conn=2886 op=8 SRCH attr=uid sambaSid displayName description sambaAcctFlags_ Oct 28 19:18:08 [slapd] conn=2886 op=8 SEARCH RESULT tag=101 err=0 nentries=117 text=_ Oct 28 19:18:08 [slapd] conn=2886 op=9 SRCH base=dc=aub.nl,dc=aub,dc=nl scope=2 deref=0 filter=((objectClass=sambaGroupMapping)(sambaGroupType=4))_ Oct 28 19:18:08 [slapd] conn=2886 op=9 SRCH attr=cn sambaSid displayName description sambaGroupType_ shows that all entries are initially returned. After that Samba goes out to find the groups. It seems to me that something goes wrong here but I am not sure. Did something change so dramatically between 3.0.11 and 3.0.20, that I should have adjusted my config or directory (I am not using ldap filter) or is this something else? Kind regards, B. de Bruin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Wierd Samba permissions problem (URGENT)
Which version of samba are you using? Until 3.0.14 there was a bug in the ACL handling of Samba afaik. The symptoms you describe sound very similar. Hello List, Please CC me on responses as I am not currently subscribed to the list. Please see the following attached files for details. Basically, Samba comes back and says the our users have no rights to create / modify / delete files on a share, even though the file system permissions seem correct and the smb.conf file looks good and the user either owns the file / directory or is listed in the group. -- Lee Leahu RICIS, Inc. Internet Technology Specialist 866-RICIS-77 Toll Free Voice (US) [EMAIL PROTECTED] 708-444-2690 Voice (International) http://www.ricis.com/ 866-99-RICIS Toll Free Fax (US) 708-444-2697 Fax (International) RICIS, Inc. is a member of the Public Safety Alliance Group This email and any attachments that are included in it have been scanned for malicious or inappropriate content and are believed to be safe. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Demote old NT4 PDC to member of Samba domain?
There is a tool called uPromote, which should handle such a case. It is payware though. regards Hi, When installing Samba, I made it a PDC in a new domain. Now I would like the old NT4 PDC in the old domain to become a plain host in my Samba domain. Is this possible? I need to keep the old NT4 machine because it's running the Symantec Corporate Edition NAV. In other words, I have NEWDOMAIN with Samba PDC and all clients OLDDOMAIN with NT4 PDC alone, no client Can my NT4 PDC become a plain client in NEWDOMAIN? Thanks, Mi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Netbios over IPSec
Actually - as I stated - I have cross subnet browsing working (and thus wins). And I do have a samba box on both ends. The behaviour I noted happens irregularly: sometimes I can open a share on the other subnet, but mostly I cannot not. I'll still have a look at your suggestions though, it might help. Regards, Bolke I suspect your problem is, netbios *broadcasts* simply don't traverse an IPSec tunnel... OpenVPN is likely a different story, but I never had any luck with this unless I set up a Samba box on both ends that maintained browse lists on both sides. There are plenty of fairly detailed explanations on this, some of which have my name attached, if you try Google-ing this list and FreeS/WAN. http://www2.frell.ambush.de/archives/freeswan-users/0721.html http://msgs.securepoint.com/cgi-bin/get/linux-ipsec-0111/477.html IIRC, the issue revolved around part of the browse process utilizing broadcasts (which aren't routable and won't traverse the VPN). Using WINS and browse list syncronization allowed the clients to browse with IP information rather than just Netbios names. The key was getting IP's involved... So, the browse list tells you that remote subnet includes machines x,y, and z. But if you try to browse those machines directly, the system doesn't have an IP and resorts to 'who has x?' broadcasts which aren't routable. Hence no response. With WINS, the client does a lookup for x,y, or z and queries it by IP. And gets a response. Brock -- Message: 1 Date: Sun, 20 Feb 2005 15:49:14 +0100 (CET) From: [EMAIL PROTECTED] Subject: [Samba] Netbios over ipsec (slightly ot) To: samba@lists.samba.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain;charset=iso-8859-1 Hi, This issue might be a slightly offtopic, but someone might have experience with it. Thanks for reading this post anyway. I have the following setup: Network 10.227.7.X is connected over a wlan (172.1.1.1 - 172.1.1.2) to network 128.1.1.X. This setup works, I have cross-subnet browsing going and I am able to login. When I enable IPSEC (raccoon (linux - freebsd)) I am still able to login and to browse the network, but I am unable to access any of the shares on the other subnet (this *does* work without ipsec). I used tcpdump to see if any packages are arriving on both ends and the server (samba 3.0.10) does seem the receive the packages and answers these packages as well, but the when having ipsec enabled the connection behave differently than without ipsec as the client seems to ask multiple times for something. I tried changing the MTU, but this does not seem the help. Maybe I am forgetting something as this setup is slightly complicated as it considers 4 firewalls (don't ask me why please ;-)), but the firewalls do not seem to be the problem as logins do work over ipsec. Regards, B. de Bruin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Netbios over ipsec (slightly ot)
Hi, This issue might be a slightly offtopic, but someone might have experience with it. Thanks for reading this post anyway. I have the following setup: Network 10.227.7.X is connected over a wlan (172.1.1.1 - 172.1.1.2) to network 128.1.1.X. This setup works, I have cross-subnet browsing going and I am able to login. When I enable IPSEC (raccoon (linux - freebsd)) I am still able to login and to browse the network, but I am unable to access any of the shares on the other subnet (this *does* work without ipsec). I used tcpdump to see if any packages are arriving on both ends and the server (samba 3.0.10) does seem the receive the packages and answers these packages as well, but the when having ipsec enabled the connection behave differently than without ipsec as the client seems to ask multiple times for something. I tried changing the MTU, but this does not seem the help. Maybe I am forgetting something as this setup is slightly complicated as it considers 4 firewalls (don't ask me why please ;-)), but the firewalls do not seem to be the problem as logins do work over ipsec. Regards, B. de Bruin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
