Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-09 Thread Julian Pilfold-Bagwell

Sorry about the delay, family emergency to deal with.

From what I understand, the remote announce tells the WINS server to 
broadcast across the remote subnets and remote browse sync shares the 
info across them.  I tried putting the specific IP addresses of the 
local master browsers into the browse sync but it still doesn't seem to 
spread everything across all the subnets.


On 06/07/10 13:50, t...@tms3.com wrote:

SNIP

Hi All,

I'm having a problem with cross subnet browsing and name resolution 
across an openvpn tunnel. I've found quite a few people who've had the 
same on mail lists but none of their fixes have worked. The spec of the 
setups at both ends of the tunnel are as follows:

  remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
  remote browse sync = 192.168.1.255 192.168.2.255

This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf


DHCP should point clients to headoffice for WINS.  WINS proxy is not 
useful.



OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router. The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1,
has an internal address of 192.168.1.254 and an external of 192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes to
allow machines on each network to ping machines at the other end as well
as the server IP's.
So far so good and I can ping any machine on either subnet from anywhere
and get a reply. The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
machine configured as a BDC and WINS proxy. In order to maintain logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
and password changes propagate successfully from one site to the other.

If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\ brings up Windows Explorer and a list of 
shares.


I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE 
### Included 2nd subnet for second remote site in browse sync

[ global]
  workgroup = NEWDOM
  netbios name = HEADOFFICE
  security = user
  enable privileges = yes
  interfaces = 192.168.0.1 127.0.0.1
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
  remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
  remote browse sync = 192.168.1.255 192.168.2.255
  wins support = yes
  name resolve order = wins hosts bcast
  username map = /etc/samba/smbusers
  server string = Samba Server %v
  encrypt passwords = Yes
  ldap ssl = no
  unix password sync = yes
  ldap passwd sync = no
  passwd program = /usr/sbin/smbldap-passwd -u %u
  passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

# public = yes
# browseable = yes
# lm announce = yes
# browse list = yes
# auto services = yes

  log level = 3
  syslog = 0
  log file = /var/log/samba/log.%U
  max log size = 10
  time server = Yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  mangling method = hash2
  Dos charset = 850
  Unix charset = ISO8859-1

  local master = Yes
  domain logons = Yes
  domain master = Yes
  os level = 65
  preferred master = Yes
  wins support = yes

  passdb backend = ldapsam:ldap://127.0.0.1
  ldap admin dn = cn=Manager,dc=newdom,dc=ldm
  ldap suffix = dc=newdom,dc=ldm
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Users
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmap

  add user script = /usr/sbin/smbldap-useradd -m %u
  ldap delete dn = Yes
  delete user script = /usr/sbin/smbldap-userdel %u
  add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
  add group script = /usr/sbin/smbldap-groupadd -p %g
  #delete group script 

Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-09 Thread Robert Schetterer
On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:
 Sorry about the delay, family emergency to deal with.

 From what I understand, the remote announce tells the WINS server to
 broadcast across the remote subnets and remote browse sync shares the
 info across them.  I tried putting the specific IP addresses of the
 local master browsers into the browse sync but it still doesn't seem to
 spread everything across all the subnets.

you should use tap interfaces with openvpn

 On 06/07/10 13:50, t...@tms3.com wrote:


 SNIP

 Hi All,

 I'm having a problem with cross subnet browsing and name resolution
 across
 an openvpn tunnel. I've found quite a few people who've had the same on
 mail lists but none of their fixes have worked. The spec of the
 setups at
 both ends of the tunnel are as follows:
  remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
   remote browse sync = 192.168.1.255 192.168.2.255

 This looks odd to me.

 remote announce = wins server ip/DOMNAME
 remote browse sync = wins server ip

 NEEDED in both smb.conf

 wins server = wins server ip

 Can't remember default for this setting so

 enhanced browsing = Yes

 in both smb.conf


 DHCP should point clients to headoffice for WINS.  WINS proxy is not
 useful.


 OS - CentOS 5.5
 Samba Version 3.5.4
 OpenVPN Version 2.0.9-1

 Each server is configured in gateway mode with two NICS, one to the lan
 and the other to a modem/router. The first machine, HEADOFFICE, has an
 internal IP address of
 192.168.0.1 and an external of 192.168.10.4. The second machine,
 REMOTE1,
 has an internal address of 192.168.1.254 and an external of
 192.168.20.4.

 On openVPN, I have configured client to client and routes and iroutes to
 allow machines on each network to ping machines at the other end as well
 as the server IP's.
 So far so good and I can ping any machine on either subnet from anywhere
 and get a reply. The servers are configured as Samba servers with the
 HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
machine configured as a BDC and WINS proxy. In order to maintain
 logon
 facilities in the event of broadband failure,
 I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
 and password changes propagate successfully from one site to the other.

 If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
 perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
 fails on name resolution while
 entering \\192.168.1.254\ brings up Windows Explorer and a list of
 shares.

 I've included the remote browse entries in smb.conf on the PDC and have
 WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
 back to the WINS server.
 Port scanning the internal IP of each machine from the other end of the
 tunnel returns a full set of open ports for the services I'm using
 but no
 IP.

 If anyone can spot what I'm doing wrong I'd be grateful.

 Thanks.

  smb.conf - HEADOFFICE 
 ### Included 2nd subnet for second remote site in browse sync

 [ global]
   workgroup = NEWDOM
   netbios name = HEADOFFICE
   security = user
   enable privileges = yes
   interfaces = 192.168.0.1 127.0.0.1
 # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
   remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
   remote browse sync = 192.168.1.255 192.168.2.255
   wins support = yes
   name resolve order = wins hosts bcast
   username map = /etc/samba/smbusers
   server string = Samba Server %v
   encrypt passwords = Yes
   ldap ssl = no
   unix password sync = yes
   ldap passwd sync = no
   passwd program = /usr/sbin/smbldap-passwd -u %u
   passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

 # public = yes
 # browseable = yes
 # lm announce = yes
 # browse list = yes
 # auto services = yes

   log level = 3
   syslog = 0
   log file = /var/log/samba/log.%U
   max log size = 10
   time server = Yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   mangling method = hash2
   Dos charset = 850
   Unix charset = ISO8859-1

   local master = Yes
   domain logons = Yes
   domain master = Yes
   os level = 65
   preferred master = Yes
   wins support = yes

   passdb backend = ldapsam:ldap://127.0.0.1
   ldap admin dn = cn=Manager,dc=newdom,dc=ldm
   ldap suffix = dc=newdom,dc=ldm
   ldap group suffix = ou=Groups
   ldap user suffix = ou=Users
   ldap machine suffix = ou=Computers
   ldap idmap suffix = ou=Idmap

   add user script = /usr/sbin/smbldap-useradd -m %u
   ldap delete dn = Yes
   delete 

Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-09 Thread tms3

--- Original message ---
Subject: Re: [Samba] Cross subnet browsing + OpenVPN
From: Robert Schetterer rob...@schetterer.org
To: samba@lists.samba.org
Date: Friday, 09/07/2010  3:05 AM

On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:


Sorry about the delay, family emergency to deal with.
browse sync shares the info across them.  I tried putting the specific
IP addresses of the local master browsers into the browse sync but it
still doesn't seem to spread everything across all the subnets.


you should use tap interfaces with openvpn


This is a matter of network design, and has nothing to do whatsoever 
with the issue at hand.  Further:


Server configuration file

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

Client configuration file

remote myremote.mydomain
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key

From:

http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Which makes for a nice network to network setup for two locations 
connected via a wan link.


Why not shift the discussion to whether we should use IPSEC and racoon 
instead of OpenVPN, or perhaps we should scrap all that and argue that 
he should be using Cisco vpn gateways altogether?


GUH!

From what I understand, the remote announce tells the WINS server to
broadcast across the remote subnets and remote

On 06/07/10 13:50, t...@tms3.com wrote:

SNIP

Hi All,

I'm having a problem with cross subnet browsing and name resolution
across an openvpn tunnel. I've found quite a few people who've had the
same on mail lists but none of their fixes have worked. The spec of the
setups at both ends of the tunnel are as follows:

  remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
  remote browse sync = 192.168.1.255 192.168.2.255

This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf


DHCP should point clients to headoffice for WINS.  WINS proxy is not
useful.

OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router. The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4. The second machine,
REMOTE1,
has an internal address of 192.168.1.254 and an external of
192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes to
allow machines on each network to ping machines at the other end as well
as the server IP's.
So far so good and I can ping any machine on either subnet from anywhere
and get a reply. The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
machine configured as a BDC and WINS proxy. In order to maintain logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
and password changes propagate successfully from one site to the other.


If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\ brings up Windows Explorer and a list of
shares.

I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE 
### Included 2nd subnet for second remote site in browse sync

[ global]
 workgroup = NEWDOM
 netbios name = HEADOFFICE
 security = user
 enable privileges = yes
 interfaces = 192.168.0.1 127.0.0.1
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255
 wins support = yes
 name resolve order = wins hosts bcast
 username map = /etc/samba/smbusers
 server string = Samba Server %v
 encrypt passwords = Yes
 ldap ssl = no
 unix password sync = yes
 ldap passwd sync = no
 passwd program = /usr/sbin/smbldap-passwd -u %u
 passwd chat = Changing *\nNew password* %n\n 
*Retype

Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-09 Thread Robert Schetterer
On 09.07.2010 14:42, t...@tms3.com wrote:
 
 
 
 --- Original message ---
 Subject: Re: [Samba] Cross subnet browsing + OpenVPN
 From: Robert Schetterer rob...@schetterer.org
 To: samba@lists.samba.org
 Date: Friday, 09/07/2010 3:05 AM

 On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:
 Sorry about the delay, family emergency to deal with.
 browse sync shares the info across them. I tried putting the specific
 IP addresses of the local master browsers into the browse sync but it
 still doesn't seem to spread everything across all the subnets.

 you should use tap interfaces with openvpn
 This is a matter of network design, and has nothing to do whatsoever
 with the issue at hand.  Further:

i used samba with subnet browsing years ago
it didn't work with tun interfaces, it must have been tap interfaces
plus the right samba setup
times may have changed, samba and openvpn changed
but simply trying it does not cost anything


my setup was


bdc--internalnet--firewall--(tunnel)--firewall--internalnet--pdc

i had samba on the firewalls to bind to tap tunnel interfaces
as wins proxy
the pdc was the wins server, bdc as wins proxy and directed browsing to
pdc, all clients got well configured parameters per dhcp
additionally there was a working dns which matched wins dynamically

anyway times may change, and there are better solutions now
but this one worked stable and robust

read samba faqs wins and subnet browsing etc


good luck



 
 
   Server configuration file
 
 dev tun
 ifconfig 10.8.0.1 10.8.0.2
 secret static.key
 
   Client configuration file
 
 remote myremote.mydomain
 dev tun
 ifconfig 10.8.0.2 10.8.0.1
 secret static.key
 
 From:
 
 http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html
 
 Which makes for a nice network to network setup for two locations
 connected via a wan link.
 
 Why not shift the discussion to whether we should use IPSEC and racoon
 instead of OpenVPN, or perhaps we should scrap all that and argue that
 he should be using Cisco vpn gateways altogether?
 
 GUH!

 From what I understand, the remote announce tells the WINS server to
 broadcast across the remote subnets and remote

 On 06/07/10 13:50, t...@tms3.com wrote:


 SNIP

 Hi All,

 I'm having a problem with cross subnet browsing and name resolution
 across
 an openvpn tunnel. I've found quite a few people who've had the same on
 mail lists but none of their fixes have worked. The spec of the
 setups at
 both ends of the tunnel are as follows:
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255

 This looks odd to me.

 remote announce = wins server ip/DOMNAME
 remote browse sync = wins server ip

 NEEDED in both smb.conf

 wins server = wins server ip

 Can't remember default for this setting so

 enhanced browsing = Yes

 in both smb.conf


 DHCP should point clients to headoffice for WINS. WINS proxy is not
 useful.


 OS - CentOS 5.5
 Samba Version 3.5.4
 OpenVPN Version 2.0.9-1

 Each server is configured in gateway mode with two NICS, one to the lan
 and the other to a modem/router. The first machine, HEADOFFICE, has an
 internal IP address of
 192.168.0.1 and an external of 192.168.10.4. The second machine,
 REMOTE1,
 has an internal address of 192.168.1.254 and an external of
 192.168.20.4.

 On openVPN, I have configured client to client and routes and
 iroutes to
 allow machines on each network to ping machines at the other end as
 well
 as the server IP's.
 So far so good and I can ping any machine on either subnet from
 anywhere
 and get a reply. The servers are configured as Samba servers with the
 HEADOFFICE machine working as a PDC, DMC and WINS server and the
 REMOTE1
  machine configured as a BDC and WINS proxy. In order to maintain
 logon
 facilities in the event of broadband failure,
 I have replicated the LDAP server from HEADOFFICE to REMOTE1 and
 updates
 and password changes propagate successfully from one site to the other.

 If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it
 works
 perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
 fails on name resolution while
 entering \\192.168.1.254\ brings up Windows Explorer and a list of
 shares.

 I've included the remote browse entries in smb.conf on the PDC and have
 WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
 back to the WINS server.
 Port scanning the internal IP of each machine from the other end of the
 tunnel returns a full set of open ports for the services I'm using
 but no
 IP.

 If anyone can spot what I'm doing wrong I'd be grateful.

 Thanks.

  smb.conf - HEADOFFICE 
 ### Included 2nd subnet for second remote site in browse sync

 [ global]
 workgroup = NEWDOM
 netbios name = HEADOFFICE
 security = user

Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-07 Thread Moray Henderson
Julian Pilfold-Bagwell wrote:
I'm having a problem with cross subnet browsing and name resolution
across
an openvpn tunnel. I've found quite a few people who've had the same on
mail lists but none of their fixes have worked. The spec of the setups
at
both ends of the tunnel are as follows:

OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router.  The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4.  The second machine,
REMOTE1,
has an internal address of 192.168.1.254 and an external of
192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes
to
allow machines on each network to ping machines at the other end as
well
as the server IP's.
So far so good and I can ping any machine on either subnet from
anywhere
and get a reply.  The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the
REMOTE1
  machine configured as a BDC and WINS proxy.  In order to maintain
logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and
updates
and password changes propagate successfully from one site to the other.

If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it
works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\  brings up Windows Explorer and a list of
shares.

I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but
no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE
###  Included 2nd subnet for second remote site in browse sync

[ global]
 workgroup = NEWDOM
 netbios name = HEADOFFICE
 security = user
 enable privileges = yes
 interfaces = 192.168.0.1 127.0.0.1
#   hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255
 wins support = yes
 name resolve order = wins hosts bcast
 username map = /etc/samba/smbusers
 server string = Samba Server %v
 encrypt passwords = Yes
 ldap ssl = no
 unix password sync = yes
 ldap passwd sync = no
 passwd program = /usr/sbin/smbldap-passwd -u %u
 passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

#public = yes
#browseable = yes
#lm announce = yes
#browse list = yes
#auto services = yes

 log level = 3
 syslog = 0
 log file = /var/log/samba/log.%U
 max log size = 10
 time server = Yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 mangling method = hash2
 Dos charset = 850
 Unix charset = ISO8859-1

 local master = Yes
 domain logons = Yes
 domain master = Yes
 os level = 65
 preferred master = Yes
 wins support = yes

 passdb backend = ldapsam:ldap://127.0.0.1
 ldap admin dn = cn=Manager,dc=newdom,dc=ldm
 ldap suffix = dc=newdom,dc=ldm
 ldap group suffix = ou=Groups
 ldap user suffix = ou=Users
 ldap machine suffix = ou=Computers
 ldap idmap suffix = ou=Idmap

 add user script = /usr/sbin/smbldap-useradd -m %u
 ldap delete dn = Yes
 delete user script = /usr/sbin/smbldap-userdel %u
 add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
 add group script = /usr/sbin/smbldap-groupadd -p %g
 #delete group script = /usr/sbin/smbldap-groupdel %g
 add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
 delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
 set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

[shared]
 comment = shared directory
 path = /dat
 browseable = yes
 read only = no
 create mask = 0660
 directory mask = 0770


 smb.conf - REMOTE1   #

[global]
 workgroup = NEWDOM
 netbios name = REMOTE1
 security = user
 enable privileges = yes
 interfaces = 192.168.1.254 127.0.0.1
#hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
10.8.0.0/24 127.0.0.1
 wins server = 192.168.0.1
 wins proxy = yes
 username map = /etc/samba/smbusers

[Samba] Cross subnet browsing + OpenVPN

2010-07-06 Thread Julian Pilfold-Bagwell

Hi All,

I'm having a problem with cross subnet browsing and name resolution across
an openvpn tunnel. I've found quite a few people who've had the same on
mail lists but none of their fixes have worked. The spec of the setups at
both ends of the tunnel are as follows:

OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router.  The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4.  The second machine, REMOTE1,
has an internal address of 192.168.1.254 and an external of 192.168.20.4.

On openVPN, I have configured client to client and routes and iroutes to
allow machines on each network to ping machines at the other end as well
as the server IP's.
So far so good and I can ping any machine on either subnet from anywhere
and get a reply.  The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
 machine configured as a BDC and WINS proxy.  In order to maintain logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
and password changes propagate successfully from one site to the other.

If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\  brings up Windows Explorer and a list of shares.

I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE
###  Included 2nd subnet for second remote site in browse sync

[ global]
workgroup = NEWDOM
netbios name = HEADOFFICE
security = user
enable privileges = yes
interfaces = 192.168.0.1 127.0.0.1
#   hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255
wins support = yes
name resolve order = wins hosts bcast
username map = /etc/samba/smbusers
server string = Samba Server %v
encrypt passwords = Yes
ldap ssl = no
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

#public = yes
#browseable = yes
#lm announce = yes
#browse list = yes
#auto services = yes

log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 10
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1

local master = Yes
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
wins support = yes

passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = cn=Manager,dc=newdom,dc=ldm
ldap suffix = dc=newdom,dc=ldm
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap

add user script = /usr/sbin/smbldap-useradd -m %u
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
#delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

[shared]
comment = shared directory
path = /dat
browseable = yes
read only = no
create mask = 0660
directory mask = 0770


 smb.conf - REMOTE1   #

[global]
workgroup = NEWDOM
netbios name = REMOTE1
security = user
enable privileges = yes
interfaces = 192.168.1.254 127.0.0.1
#hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
10.8.0.0/24 127.0.0.1
wins server = 192.168.0.1
wins proxy = yes
username map = /etc/samba/smbusers
name resolve order  = wins bcast hosts
server string = Samba 

Re: [Samba] Cross subnet browsing + OpenVPN

2010-07-06 Thread tms3

SNIP

Hi All,

I'm having a problem with cross subnet browsing and name resolution 
across an openvpn tunnel. I've found quite a few people who've had the 
same on mail lists but none of their fixes have worked. The spec of the 
setups at both ends of the tunnel are as follows:

  remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
  remote browse sync = 192.168.1.255 192.168.2.255

This looks odd to me.

remote announce = wins server ip/DOMNAME
remote browse sync = wins server ip

NEEDED in both smb.conf

wins server = wins server ip

Can't remember default for this setting so

enhanced browsing = Yes

in both smb.conf


DHCP should point clients to headoffice for WINS.  WINS proxy is not 
useful.

OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1

Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router.  The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4.  The second machine, REMOTE1,
has an internal address of 192.168.1.254 and an external of 192.168.20.4.


On openVPN, I have configured client to client and routes and iroutes to
allow machines on each network to ping machines at the other end as well
as the server IP's.
So far so good and I can ping any machine on either subnet from anywhere
and get a reply.  The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
machine configured as a BDC and WINS proxy.  In order to maintain logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
and password changes propagate successfully from one site to the other.


If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\  brings up Windows Explorer and a list of shares.


I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but no
IP.

If anyone can spot what I'm doing wrong I'd be grateful.

Thanks.

 smb.conf - HEADOFFICE
###  Included 2nd subnet for second remote site in browse sync

[ global]
 workgroup = NEWDOM
 netbios name = HEADOFFICE
 security = user
 enable privileges = yes
 interfaces = 192.168.0.1 127.0.0.1
#   hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
 remote browse sync = 192.168.1.255 192.168.2.255
 wins support = yes
 name resolve order = wins hosts bcast
 username map = /etc/samba/smbusers
 server string = Samba Server %v
 encrypt passwords = Yes
 ldap ssl = no
 unix password sync = yes
 ldap passwd sync = no
 passwd program = /usr/sbin/smbldap-passwd -u %u
 passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n

#public = yes
#browseable = yes
#lm announce = yes
#browse list = yes
#auto services = yes

 log level = 3
 syslog = 0
 log file = /var/log/samba/log.%U
 max log size = 10
 time server = Yes
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 mangling method = hash2
 Dos charset = 850
 Unix charset = ISO8859-1

 local master = Yes
 domain logons = Yes
 domain master = Yes
 os level = 65
 preferred master = Yes
 wins support = yes

 passdb backend = ldapsam:ldap://127.0.0.1
 ldap admin dn = cn=Manager,dc=newdom,dc=ldm
 ldap suffix = dc=newdom,dc=ldm
 ldap group suffix = ou=Groups
 ldap user suffix = ou=Users
 ldap machine suffix = ou=Computers
 ldap idmap suffix = ou=Idmap

 add user script = /usr/sbin/smbldap-useradd -m %u
 ldap delete dn = Yes
 delete user script = /usr/sbin/smbldap-userdel %u
 add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
 add group script = /usr/sbin/smbldap-groupadd -p %g
 #delete group script
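As an added example (not code from the thread, from Samba, or from any of the posters), a small checker that parses the [global] section of the posted smb.conf fragments the way Samba matches parameter names and applies the settings tms3 suggests above: unicast addresses in remote announce and remote browse sync, wins server on the non-WINS host, no wins proxy. Host names and addresses are the ones posted; the one check the thread does not state is testparm's rule that wins support = yes and wins server cannot both be set on the same host.

```python
import re

# Constructed: the browsing-related lines from the two posted smb.conf files.
HEADOFFICE_CONF = """
[ global]
  workgroup = NEWDOM
  netbios name = HEADOFFICE
  remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
  remote browse sync = 192.168.1.255 192.168.2.255
  wins support = yes
  name resolve order = wins hosts bcast
"""
REMOTE1_CONF = """
[global]
  workgroup = NEWDOM
  netbios name = REMOTE1
  wins server = 192.168.0.1
  wins proxy = yes
  name resolve order  = wins bcast hosts
"""
# Constructed: the same hosts with the thread's suggested settings applied.
SUGGESTED_HEADOFFICE_CONF = HEADOFFICE_CONF.replace(
    "192.168.2.255/NEWDOM 192.168.1.255/NEWDOM", "192.168.1.254/NEWDOM"
).replace("192.168.1.255 192.168.2.255", "192.168.1.254")
SUGGESTED_REMOTE1_CONF = REMOTE1_CONF.replace("  wins proxy = yes\n", "") + (
    "  remote announce = 192.168.0.1/NEWDOM\n"
    "  remote browse sync = 192.168.0.1\n"
    "  enhanced browsing = yes\n"
)
POSTED = {"HEADOFFICE": HEADOFFICE_CONF, "REMOTE1": REMOTE1_CONF}
SUGGESTED = {"HEADOFFICE": SUGGESTED_HEADOFFICE_CONF,
             "REMOTE1": SUGGESTED_REMOTE1_CONF}


def parse_global(text):
    """Return [global] as {name: value}, matching names the way Samba does:
    lower-cased, internal whitespace dropped, so '[ global]' is accepted."""
    params, in_global = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.match(r"^\[(.*)\]$", line)
        if section:
            in_global = section.group(1).strip().lower() == "global"
            continue
        if in_global and "=" in line:
            name, _, value = line.partition("=")
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def is_true(params, name):
    return params.get(name, "no").lower() in ("yes", "true", "1")


def is_broadcast(entry):
    # '192.168.1.255' or '192.168.1.255/NEWDOM': a /24 directed broadcast
    return entry.split("/", 1)[0].endswith(".255")


def check_browsing(confs):
    """confs: {hostname: parsed [global]}. Returns a list of finding strings."""
    findings = []
    wins_hosts = {h for h, p in confs.items() if is_true(p, "winssupport")}
    for host, p in confs.items():
        if host in wins_hosts:
            if "winsserver" in p:  # testparm rejects this pair; nmbd aborts
                findings.append("%s: 'wins support = yes' and 'wins server' "
                                "cannot both be set" % host)
        else:
            if "winsserver" not in p:
                findings.append("%s: no 'wins server'; point it at the WINS "
                                "server across the tunnel" % host)
            if is_true(p, "winsproxy"):
                findings.append("%s: 'wins proxy = yes' relays local broadcast "
                                "queries only; it registers nothing" % host)
        for param in ("remoteannounce", "remotebrowsesync"):
            for entry in p.get(param, "").split():
                if is_broadcast(entry):
                    findings.append("%s: %s entry %s is a subnet broadcast; "
                                    "use the peer server's unicast address "
                                    "instead" % (host, param, entry))
    return findings


if __name__ == "__main__":
    for label, texts in (("as posted", POSTED), ("as suggested", SUGGESTED)):
        confs = {h: parse_global(t) for h, t in texts.items()}
        print(label + ":")
        for finding in check_browsing(confs) or ["none"]:
            print("  " + finding)
```

Running it lists four broadcast-address findings for HEADOFFICE and the wins proxy finding for REMOTE1 as posted, and nothing for the suggested pair.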