Thanks Charles,
I managed to log into the domains on the far end, but the PCs are 98 and so
are not part of the domain itself. I am now taking a server which is part
of the corporate domain and moving it on the other end of the VPN. We will
make this a master browser and see if the other PCs can pick up the browse
lists. In the meantime I am reading the documentation on the SAMBA site as
you suggested. Now that I know where the problem lies, a workable solution
should be easier to find.
BTW, did you get the weblet files I sent a couple days ago?
Best Regards,
Roger McClurg
[EMAIL PROTECTED]
From: Charles Steinkuehler <charles@steinkuehler.net>
To: Roger E McClurg/CEG/CSC@CSC, [EMAIL PROTECTED]
Cc:
Subject: Re: [Leaf-user] NT networking over LEAF IPSEC VPN
Date: 04/19/2002 03:09 PM
> I posted the problem below on the FreeS/WAN users list and got a number of
> replies including agreement from others who have tried, but no one said
> "Hey I have NT (SMB) running across an IPSEC VPN". The best suggestions I
> got were to create a WINS (SAMBA) server on the remote side. I agree that
> should solve the problem, but when one talks about adding potentially
> hundreds of new SAMBA servers to a domain with trust relationships to
> thousands of servers this presents a big problem.
>
> The setup is simple: one or many Windows PCs on the remote end, dozens of
> NT domains on the local end, and a DCD-Cisco Router
> in between. Has anyone here at LEAF gotten SMB networking to propagate
> properly through an IPSEC tunnel? I can map drives and access file shares.
> It is s l o w but it works. What I can't do is view network browse
> lists, do network printing, in short almost the entire gamut of SMB.
>
> WINS information is passed by the DHCP server to the PCs. I have tried
> putting server info in LMHOSTS files. None of it helps. Has anyone solved
> this problem before?
I have network browsing working across my IPSec VPN. I use DHCP to
configure my windows boxes, and point them to a WINS server on the far side
of the VPN (while also setting hybrid name resolution protocol, so my local
network falls back to broadcast name resolution if the VPN is down). All
local machines are part of the remote domain (PDC & BDC are at the far end
of the VPN).
Your problem is *NOT* related to the VPN...it's related to trying to network
Windows ACROSS A ROUTER. Yes, Microsoft's "Enterprise ready networking"
doesn't work properly if you have multiple broadcast domains (kind of makes
you wonder what kind of "enterprise" they're running out in Redmond).
Anyway, there are multiple ways to solve this problem. I'm no expert, but
some of the options I've heard about include:
MS Solutions (can work with SAMBA as well):
- NT Server (or current equivalent) running on *EACH* subnet, configured to
talk to each other & exchange browse info.
- Remote systems join local domain (what I've got set up)
- Broadcast packets are tunneled through the LAN (Microsoft's L2TP, or Layer
2 tunneling protocol...layer 2 is physical Ethernet, and MS came out with
L2TP to allow Ethernet broadcast packets to cross the WAN).
Samba only solutions:
- Set up SAMBA servers at both ends, configured to exchange/forward browse &
name resolution information. This is the *ONLY* way to get workgroups to
browse across a router...all Microsoft solutions *REQUIRE* domains and
multiple NT Server boxes (hmm...it's almost like they sell server licenses
or something :)
The generic term for what you want is called "cross subnet browsing".
Standard internet searches will turn up *LOTS* of information on this. I
have found the SAMBA documentation to be far better than the Microsoft
information on this front. The SAMBA folks tend to explain *EXACTLY* what's
going on, and what you can do to get the results you want, where the MS
documentation basically says "buy this MS VPN Product, and everything will
work", although there are lots of pretty network diagrams with NT servers
everywhere...
Oh...and whatever you wind up doing, there's probably going to be a 1-???
hour synchronization delay for new resources to be detected and "browsable",
that just comes with the territory. Good thing those MS boxes don't have to
be rebooted very often... <NOTE: Portions of the preceding contain
sarcasm, just in case your sarcasm detector is broken :>
Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
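The "Samba at both ends" option Charles lists above, as an added example that is not part of this thread and not taken from the Samba project's documentation: an smb.conf fragment for a Samba box placed on the remote (Windows 98) subnet so that it wins the local master browser election there and exchanges browse and name information with the corporate side through the tunnel. The addresses (remote LAN 192.168.2.0/24, corporate LAN 10.1.0.0/16, corporate WINS server and Samba browser at 10.1.0.5), the domain name CORPDOM and the NetBIOS name REMOTEBROWSER are assumptions chosen for illustration. The parameter names are standard smb.conf parameters.

```ini
# Added example, not from the original thread: smb.conf for a Samba box on
# the REMOTE subnet. All addresses and names below are assumed values.
[global]
   workgroup = CORPDOM               ; assumed NT domain name
   netbios name = REMOTEBROWSER      ; assumed name for this box

   ; Only serve NetBIOS/SMB on the LAN side; never on the WAN interface.
   interfaces = 192.168.2.1/24
   bind interfaces only = yes

   ; Name resolution: ask the corporate WINS server across the tunnel first,
   ; then LMHOSTS, then /etc/hosts, and finally broadcast on the local wire,
   ; so local names still resolve if the tunnel is down (hybrid behaviour).
   wins support = no
   wins server = 10.1.0.5
   name resolve order = wins lmhosts hosts bcast

   ; Win the local master browser election on this subnet (os level above
   ; Windows 98 and NT Server), but never claim domain master: the NT PDC on
   ; the corporate side already holds that role, and two domain master
   ; browsers fight each other.
   local master = yes
   preferred master = yes
   domain master = no
   os level = 65

   ; Send this box's host announcements to the corporate subnet's broadcast
   ; address so its master browser lists the remote machines. This works
   ; against Windows master browsers as well as Samba.
   remote announce = 10.1.255.255/CORPDOM

   ; Swap browse lists with a Samba master browser on the corporate side.
   ; This is Samba-to-Samba only; Windows browsers ignore it, so drop the
   ; line if the far end is an NT box and rely on WINS-based LMB/DMB sync.
   remote browse sync = 10.1.0.5
```

Two things to check before blaming the tunnel, both drawn from Charles's points above. The Windows 98 clients still need to be told about the WINS server and the hybrid node type; with an ISC dhcpd that is `option netbios-name-servers 10.1.0.5;` and `option netbios-node-type 8;` (8 is h-node, which tries WINS before broadcast). And the NetBIOS ports (udp/137, udp/138, tcp/139) have to be permitted through the IPsec interface on the LEAF boxes in both directions, and only there: these services should never be reachable from the outside interface. Even with everything right, expect the delay Charles describes; browse lists propagate by periodic announcements and master-browser syncs, so a new host can take several announcement cycles to appear at the far end.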