The VPN is a site-to-site VPN. It's a Linux<->Sonicwall VPN. Other users can join other Windows domains no problem. I created an lmhosts file on the Windows 2003 server with this:
10.1.1.1 fortissimo #PRE #DOM:crcomputer 10.1.1.1 "CRCOMPUTER \0x1b" 10.1.1.1 "CRCOMPUTER \0x1c" However, when I go to create a share and assign domain users to it, it cannot find the domain. Mike A. Leonetti As warm as green tea Evolution CE 3468C Lawson Boulevard Oceanside, NY 11572 www.evolutionce.com 516-536-5006 ext 105 516-208-4679 (Direct) Gaiseric Vandal wrote: > I had misread- I thought the DC was the one "remote." I think > -but am not sure- that WINS should have handled any "netbios" stuff > including locating the DC. I could be wrong tho. Can you try editing > the lmhosts file on the Win 2003 machine to provide the DC info? > > Is the sonicwall configured for a site-to-site VPN (i.e. the IP > addresses at both ends are explicitly configured) or is the Win 2003 > machine configured as a regular single user remote PC (what sonicwall > calls a GroupVPN account.) > > > Sonicwall may have some options to redirect netbios but I am pretty > sure you should not need this. > > > On 04/22/2010 04:26 PM, Mike A. Leonetti wrote: >> The W2K3 server is not the VPN client, the VPN client is a Sonicwall >> device. However, the side that has the DC (samba), the DC server also >> initiates the VPN (openswan). IPSec starts before samba. >> >> >> Leonardo Carneiro - Veltrac wrote: >> >>> The W2K3 server is the VPN client or is a host behind a vpn client >>> that have a route to the remote network? Is the server IS the vpn >>> client, does the connection is being made by a service (prior to the >>> user login) or you just connect to the VPN after login? >>> >>> >>> Gaiseric Vandal wrote: >>> >>>> How do the clients get IP addresses? You could try adding the WINS >>>> server value to the client ip address (either statically or via >>>> DHCP.) Then they should be able to get the necessary netbios name >>>> info even tho they are on a separate subnet. >>>> >>>> Why do you have the DC "distant" from the clients that it supports? >>>> >>>> >>>> >>>> >>>> >>>> On 04/22/2010 09:41 AM, Mike A. Leonetti wrote: >>>> >>>>> Yeah. I don't think it's the VPN blocking traffic. I think my WINS >>>>> server is not functioning properly. I'll keep working at it. >>>>> >>>>> Daniel Müller wrote: >>>>> >>>>> >>>>>> Are you sure, >>>>>> >>>>>> I thought with ipsec there could be netbios bypassing the tunnel. >>>>>> Shares and dns are always working. >>>>>> >>>>>> >>>>>> >>>>>> ----------------------------------------------- >>>>>> EDV Daniel Müller >>>>>> >>>>>> Leitung EDV >>>>>> Tropenklinik Paul-Lechler-Krankenhaus >>>>>> Paul-Lechler-Str. 24 >>>>>> 72076 Tübingen >>>>>> >>>>>> Tel.: 07071/206-463, Fax: 07071/206-499 >>>>>> eMail: [email protected] >>>>>> Internet: www.tropenklinik.de >>>>>> ----------------------------------------------- >>>>>> >>>>>> -----Ursprüngliche Nachricht----- >>>>>> Von: Mike A. Leonetti [mailto:[email protected]] >>>>>> Gesendet: Mittwoch, 14. April 2010 16:47 >>>>>> An: [email protected] >>>>>> Cc: samba Mailing >>>>>> Betreff: Re: AW: [Samba] Samba over VPN >>>>>> >>>>>> Daniel, >>>>>> >>>>>> I'm using ipsec for a VPN. Since all shares are working and name >>>>>> resolution all netbios packets seem to be traversing the VPN no >>>>>> problem. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> Daniel Müller wrote: >>>>>> >>>>>> >>>>>> >>>>>>> Hello, >>>>>>> >>>>>>> as far I know you need a vpn with netbios enabled. This can be >>>>>>> done witch >>>>>>> openvpn in briding mode. Or with a router having this option. >>>>>>> >>>>>>> Greetings >>>>>>> Daniel >>>>>>> >>>>>>> ----------------------------------------------- >>>>>>> EDV Daniel Müller >>>>>>> >>>>>>> Leitung EDV >>>>>>> Tropenklinik Paul-Lechler-Krankenhaus >>>>>>> Paul-Lechler-Str. 24 >>>>>>> 72076 Tübingen >>>>>>> >>>>>>> Tel.: 07071/206-463, Fax: 07071/206-499 >>>>>>> eMail: [email protected] >>>>>>> Internet: www.tropenklinik.de >>>>>>> ----------------------------------------------- >>>>>>> >>>>>>> -----Ursprüngliche Nachricht----- >>>>>>> Von: [email protected] >>>>>>> [mailto:[email protected]] >>>>>>> >>>>>>> >>>>>>> >>>>>> Im >>>>>> >>>>>> >>>>>> >>>>>>> Auftrag von Mike A. Leonetti >>>>>>> Gesendet: Dienstag, 13. April 2010 22:27 >>>>>>> An: Samba Mailing >>>>>>> Betreff: [Samba] Samba over VPN >>>>>>> >>>>>>> Have a 2003 server located outside of the Domain network over a >>>>>>> VPN. >>>>>>> The server originally existed inside the network (10.1.1.0/24) but >>>>>>> now >>>>>>> exists on 10.10.12.0/24. I can access shares over the VPN to the >>>>>>> domain >>>>>>> controller, but when I try to log in as a domain user it says the >>>>>>> domain >>>>>>> is unavailable. >>>>>>> >>>>>>> I added the domain controller as a WINS server on the 2003 server. >>>>>>> nbtstat -c on the 2003 does list the domain controller and the >>>>>>> domain. >>>>>>> >>>>>>> Microsoft Windows [Version 5.2.3790] >>>>>>> (C) Copyright 1985-2003 Microsoft Corp. >>>>>>> >>>>>>> C:\Documents and Settings\Administrator>nbtstat -c >>>>>>> >>>>>>> Local Area Connection 2: >>>>>>> Node IpAddress: [10.10.12.244] Scope Id: [] >>>>>>> >>>>>>> NetBIOS Remote Cache Name Table >>>>>>> >>>>>>> Name Type Host Address Life [sec] >>>>>>> ------------------------------------------------------------ >>>>>>> CRCOMPUTER<1C> GROUP 10.1.1.1 390 >>>>>>> CRCOMPUTER<1B> UNIQUE 10.1.1.1 387 >>>>>>> FORTISSIMO<20> UNIQUE 10.1.1.1 430 >>>>>>> >>>>>>> C:\Documents and Settings\Administrator> >>>>>>> >>>>>>> Is there a way I can test the WINS server to definitely make sure >>>>>>> it's >>>>>>> working? Is it that SAMBA isn't broadcasting itself over the >>>>>>> 10.10.12.0 >>>>>>> (VPN) network? >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
