Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-17 Thread Jean-Paul ARGUDO
I'll take the time to read more over about NetBIOS.


Read it all. It's all clear now.

So, I finally made it work perfectly.

My PDC at 192.168.0.1 in 192.168.0.x network acts now also as a WINS server.

The foreign 192.168.1.1 Windows 2K uses 192.168.1.253 gateway to connect 
to the internet provider. This provider carries MPLS VPN functionality.

The foreign PC has 192.168.0.1 as 1ary DNS (Bind) and 212 as 2nd DNS 
(provider's first DNS). It has ALSO 192.168.0.1 as WINS server.

My provider had to unlock both 192.168.0.253 and 192.168.1.253 routers: 
they lock NetBIOS requests in default mode!

Now the foreign PC is authenticated by the PDC, and can work with its 
personal and common samba shares.

Weeepeee :o)

I promise I'll give money to samba.org when I get rich one day :-)

Finally, I'm writing an article to put on my website to detail all to be 
done when creating such a VPN with Samba in the middle.

Will post here when doc is done and published in my site.

Cheers

--
Jean-Paul ARGUDO

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-16 Thread Jean-Paul ARGUDO
First of all,

Thanks a lot John for taking the time to write such precise and valuable 
answers. I am really impressed to read all your answers in this list, 
and I know how difficult and long it is, from answering questions about 
PostgreSQL myself on IRC and mailing lists.

PS: Master Browser does not mean the same as Domain Controller at
all!
[...] use WINS [...]
Note: Again, none of this has anything to do with domain control (or what
many prefer to call PDC).

 [...]

PDC means Master Authentication Controller - NOT Master Browser.
Please read my comments above very carefully.

 [...]

WINS is your best friend 

Thanks for these answers. I promise to read again and again about NetBIOS 
in all the Samba HOWTOs. I now know that my problems could be solved 
by having my Samba PDC act as a WINS server too...

As you may know, I use a VPN MPLS solution with my internet provider. He 
just told me today that routers are configured to block NetBIOS traffic 
by default. :-/

He's doing what needs to be done to allow NetBIOS traffic between two 
sites (192.168.0 where the samba box resides and distant 192.168.1..).

I'm doing tests now with Samba PDC acting as a WINS server too.

I'll put my complete configuration and network schemes on this list when 
it all works, in case other people want to do the same.

 One needs to understand the NetBIOS
protocols to solve a NetBIOS problem - few TCP/IP admins care to do that!


I'll take the time to read more over about NetBIOS.


If you want to catch lots of fish, as a fisherman you need to think 
 like a fish!

:-)

--
Jean-Paul ARGUDO




Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-13 Thread Jean-Paul ARGUDO
Ah ... some news!

Here is what I found in /var/log/nmbd:

Samba name server MASTER is now a local master browser for workgroup 
PACK on subnet 192.168.0.1

*BUT* I have the following line in the [global] section of smb.conf:

hosts allow=192.168.0. 192.168.1.

I found in docs that above list can be comma-separated, space separated, 
etc..

How can the Samba server be MASTER for _both_ 192.168.0. and 192.168.1. 
subnets? Which in my case could be the problem -just read previous mail-
??

Thanks a lot for any help, I'm stuck :-/

--
Jean-Paul ARGUDO



Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-13 Thread Marian Mlcoch, Ing
Hi
the hosts allow parameter is only for blocking bad users, it configures
nothing else...
nmbd can be master browser only on a network that is on your machine's
network interface (eth).
If you have only one network adapter (eth0) configured, then MASTER is
master only on the IP network of that adapter.
In the secondary network 192.168.1 a master browser is auto-detected and set
among the one or more computers on that segment.
If your machine has two adapters, then your nmbd is master on all of them,
but in the log this can be written at a later time, because the automatic
browser election is run repeatedly on the segments and info about each
election is then written to the log.

Bye.

- Original Message -
From: Jean-Paul ARGUDO [EMAIL PROTECTED]
To: cantisan [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, December 13, 2002 9:09 AM
Subject: Re: [Samba] Re: Access Samba Servers from the Internet?


 Ah ... some news!

 Here is what I found in /var/log/nmbd:

 Samba name server MASTER is now a local master browser for workgroup
 PACK on subnet 192.168.0.1

 *BUT* I have the following line in the [global] section of smb.conf:

 hosts allow=192.168.0. 192.168.1.

 I found in docs that above list can be comma-separated, space separated,
 etc..

 How can the Samba server be MASTER for _both_ 192.168.0. and 192.168.1.
 subnets? Which in my case could be the problem -just read previous mail-
 ??

 Thanks a lot for any help, I'm stuck :-/

 --
 Jean-Paul ARGUDO




Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-13 Thread Jean-Paul ARGUDO
nmbd can be master browser only on network that is on your network machine
eth.


Thanks for your answer.

If I understand you well, MASTER is only PDC for 192.168.0 because of 
eth0 configuration. Here it is:

auto eth0
iface eth0 inet static
  address 192.168.0.1
  netmask 255.255.255.0
  network 192.168.0.0
  broadcast 192.168.0.255
  gateway 192.168.0.253

Given this, the solution is to change the netmask? Then, MASTER would 
listen in network 192.168. instead of 192.168.0 only.

Am I right?

How to achieve my PDC to become unique PDC in my LAN composed of 
192.168.0, 192.168.1 and maybe tomorrow 192.168.2 .. ??

Given the fact I'm DBA, not an Admin sys specialized in TCP/IP, you 
understand my weakness here :-)

Thanks again.

--
Jean-Paul ARGUDO



Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-13 Thread Marian Mlcoch, Ing
No, you are not right.

- Original Message -
From: Jean-Paul ARGUDO [EMAIL PROTECTED]
To: Marian Mlcoch, Ing [EMAIL PROTECTED]
Cc: cantisan [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, December 13, 2002 10:15 AM
Subject: Re: [Samba] Re: Access Samba Servers from the Internet?


  nmbd can be master browser only on network that is on your network machine
  eth.

 Thanks for your answer.

 If I understand you well, MASTER is only PDC for 192.168.0 because of
 eth0 configuration. Here it is:

 auto eth0
 iface eth0 inet static
  address 192.168.0.1
  netmask 255.255.255.0
  network 192.168.0.0
  broadcast 192.168.0.255
  gateway 192.168.0.253

 Given this, the solution is to change the netmask? Then, MASTER would
 listen in network 192.168. instead of 192.168.0 only.

 Am I right?

 How to achieve my PDC to become unique PDC in my LAN composed of
 192.168.0, 192.168.1 and maybe tomorrow 192.168.2 .. ??

 Given the fact I'm DBA, not an Admin sys specialized in TCP/IP, you
 understand my weakness here :-)

 Thanks again.

 --
 Jean-Paul ARGUDO




Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-13 Thread John H Terpstra
On Fri, 13 Dec 2002, Jean-Paul ARGUDO wrote:

  nmbd can be master browser only on network that is on your network machine
  eth.

 Thanks for your answer.

 If I understand you well, MASTER is only PDC for 192.168.0 because of
 eth0 configuration. Here it is:

Master browsers are 'elected' (determined) over UDP broadcast. The
semantics of that are covered in the Entire-HOWTO-collection that is
present on the home page of SWAT, see section 2.4.

Any SMB/CIFS (MS Windows Networking) machine can become the master browser
for the subnet it is on. It will never become the master browser for a
remote subnet. The protocol was not designed to allow it to be.

PS: Master Browser does not mean the same as Domain Controller at
all!

The master browser simply is the machine that has the master list of
machines that are visible on the local network segment. If you want to
find a list of machines on a remote network segment, then you need to ask
the remote master browser for that segment. That gets very difficult,
unless you use WINS.

If you use a single WINS server (either using Samba or MS Windows NT4/2K
Server) and you configure every client so it uses that WINS server, then
all clients will register with the WINS server. Each local master browser
will also register the fact that it is master browser with that WINS
server and it will keep its local browse list synchronised with the
domain master browser's list. The domain master browser will synchronise
its full list with all local master browsers - and the result is that
your MS Windows clients will see all registered (active) machines in their
browse list.

Note: Again, none of this has anything to do with domain control (or what
many prefer to call PDC).


 auto eth0
 iface eth0 inet static
  address 192.168.0.1
  netmask 255.255.255.0
  network 192.168.0.0
  broadcast 192.168.0.255
  gateway 192.168.0.253

 Given this, the solution is to change the netmask? Then, MASTER would
 listen in network 192.168. instead of 192.168.0 only.

 Am I right?

It is not what you specify as the host allow that determines the scope
of the master browser, it is the netmask of the network that does this.
More accurately put, network segments are broadcast isolated. Routers do
NOT forward UDP broadcast packets.


 How to achieve my PDC to become unique PDC in my LAN composed of
 192.168.0, 192.168.1 and maybe tomorrow 192.168.2 .. ??

PDC means Master Authentication Controller - NOT Master Browser.
Please read my comments above very carefully.

There are three (3) essential components of MS Windows Networking:

1. Name Resolution

The ability to resolve NetBIOS Machine Names to an IP Address - WINS is
your best friend here. Some people insist on using DNS which is great, but
DNS does not deal with (no mechanism to record and tell clients about)
NetBIOS Name Type information. See section 2.4 of the
Entire-HOWTO-Collection on the SWAT home page.

2. Routing and Visibility

This involves correct network configuration in the first place. Secondly,
you need to provide a way for a local broadcast isolated machine to be
able to find a remote machine - WINS is your best friend here!

3. Security and Authentication

This is where you need to make sure that the machine that a client is
trying to access can authenticate past the security barriers.


 Given the fact I'm DBA, not an Admin sys specialized in TCP/IP, you
 understand my weakness here :-)

You are not alone. Many network admins have no clue about MS Windows
networking because so few realise that NetBIOS uses different protocols
that are implemented OVER TCP/IP. One needs to understand the NetBIOS
protocols to solve a NetBIOS problem - few TCP/IP admins care to do that!

Put another way: If you want to catch lots of fish, as a fisherman you
need to think like a fish!

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
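
The three roles John separates above, written out as an added smb.conf sketch for the Samba box (an illustration, not a configuration posted in this thread). The workgroup and NetBIOS name are taken from the nmbd log line quoted in the thread; every other value is an assumption.

```ini
# Added example: constructed [global] section for the Samba box at 192.168.0.1.
# Workgroup and NetBIOS name come from the nmbd log line in this thread;
# every other value is an assumption.
[global]
    workgroup = PACK
    netbios name = MASTER

    # Authentication (the "PDC" role): handle domain logons.
    security = user
    domain logons = yes

    # Browsing: win the local election on 192.168.0.0/24 and act as
    # domain master browser, which collects the lists of the local
    # master browsers on the other segments.
    local master = yes
    preferred master = yes
    domain master = yes
    os level = 65

    # Name resolution: nmbd is the single WINS server. Broadcasts stop at
    # the routers, so clients on 192.168.1.0/24 must register and query
    # here by unicast (their WINS server setting is 192.168.0.1).
    wins support = yes
    name resolve order = wins lmhosts host bcast

    # Access control only: limits who may connect, and has no effect on
    # browsing scope or master browser elections.
    hosts allow = 127. 192.168.0. 192.168.1.
```

Do not also set `wins server` on this machine; that parameter is for Samba hosts that are clients of another WINS server. `testparm` checks the file for syntax errors before nmbd and smbd are restarted.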



Re: [Samba] Re: Access Samba Servers from the Internet?

2002-12-12 Thread Jean-Paul ARGUDO
secure to set-up a VPN connection from your client to your host and then
login that way. Of course, it is possible to access your SMB share through


I have exactly the same need. I have a co-worker that can come to our 
site because of physical problems, he can't just come at work like 
everyone. The thing is to achieve a normal Windows 2000 connection to 
our domain.

Here is how I solved it (not yet accomplished, but in good way to):

I subscribed a VPN MPLS solution at my internet provider. I think it is 
the best way to do actual VPN, better than frame relay or IPsec, because 
it is transparent to users.

Here is an ASCII-art diagram of the solution:


                 ___ Internet...
                /
               |
            FIREWALL
               |
     /----[ VPN MPLS ]----\
     |                    |
   router               router
192.168.1.253        192.168.0.253
     |                    |
     |                    |
     |                    |
Far away PC          local network with
192.168.1.1          W2K workstations, Linux PCs
                      /|             |  \
               Samba as PDC       other machines in
               with Bind DNS      192.168.0.
               192.168.0.1

Subnets have to be different for the VPN MPLS to work! That's why the 
main network is in 192.168.0. and the away network is in 192.168.1.


On 192.168.1.1 PC he can ping 192.168.0.x machines! The same in 
192.168.0.x machines, we can ping him and also its router.

But, we can't achieve him to be connected to our network :-((

That's the current big problem! He has 192.168.0.1 as 1ary DNS and as 
2nd DNS he has the provider's 1st DNS address.

On his machine he can do:

nslookup machinetest
= works

nslookup machinetest.homelocalnetwork.com
= works

ping 192.168.0.100 (machinetest's IP)
= works

ping machinetest
= doesn't work!!

I am sure of the DNS (Bind) configuration but seems Samba is rejecting 
him?? What's wrong???

I read an article about DNS in Windows 2000. Seems the DNS *must* work 
with DHCP, dynamically in order for distant machines to connect. Is that 
true? I mean, then, my local machines would use NetBIOS only to connect 
to samba PDC?

Then, if this is true, this means NetBIOS connections can't go thru the 
VPN? Why? Is this because of different subnets?


As you see, VPN MPLS is a good solution, but I really hope someone doing 
VPN MPLS with Samba as PDC in W3K environment could tell me how he 
achieved this to work.

Finally, sorry for crap english :)


Thanks a lot.
--
Jean-Paul ARGUDO



[Samba] Re: Access Samba Servers from the Internet?

2002-12-11 Thread Jason Pickering
This is certainly possible, but might not be so advisable. It would be more
secure to set up a VPN connection from your client to your host and then
log in that way. Of course, it is possible to access your SMB share through a
windoze machine by the \\SERVER_IP\SHARE_NAME method. It will work, but
seems terribly insecure to me!

DrTebi [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
 Hello,
 I have a little question that I am not sure about:
 I will set up a server at a hosting facility, is it possible to install Samba
 on the server and access shares of this server over the internet?
 Would I just have to use the right workgroup, maybe restrict access to
 certain IP's, and would I then be able to access the shares from just
 anywhere on the internet, as long as I have the correct workgroup???
 This might be a silly question, but I haven't really seen an answer anywhere
 yet.

 Thanks,
 DrTebi
