On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:
> Sorry about the delay, family emergency to deal with.
> browse sync shares the info across them. I tried putting the specific
> IP addresses of the local master browsers into the browse sync but it
> still doesn't seem to spread everything across all the subnets.

you should use tap interfaces with openvpn

>
> From what I understand, the remote announce tells the WINS server to
> broadcast across the remote subnets and remote
>
> On 06/07/10 13:50, t...@tms3.com wrote:
>>
>> SNIP
>>>
>>> Hi All,
>>>
>>> I'm having a problem with cross subnet browsing and name resolution across
>>> an openvpn tunnel. I've found quite a few people who've had the same on
>>> mail lists but none of their fixes have worked. The spec of the setups at
>>> both ends of the tunnel are as follows:
>>
>> "remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
>> remote browse sync = 192.168.1.255 192.168.2.255"
>>
>> This looks odd to me.
>>
>> remote announce = <wins server ip>/<DOMNAME>
>> remote browse sync = <wins server ip>
>>
>> NEEDED in both smb.conf
>>
>> wins server = <wins server ip>
>>
>> Can't remember default for this setting sooooo
>>
>> enhanced browsing = Yes
>>
>> in both smb.conf
>>
>> DHCP should point clients to headoffice for WINS. WINS proxy is not
>> useful.
>>>
>>> OS - CentOS 5.5
>>> Samba Version 3.5.4
>>> OpenVPN Version 2.0.9-1
>>>
>>> Each server is configured in gateway mode with two NICS, one to the lan
>>> and the other to a modem/router. The first machine, HEADOFFICE, has an
>>> internal IP address of 192.168.0.1 and an external of 192.168.10.4.
>>> The second machine, REMOTE1, has an internal address of 192.168.1.254
>>> and an external of 192.168.20.4.
>>>
>>> On openVPN, I have configured client to client and routes and iroutes to
>>> allow machines on each network to ping machines at the other end as well
>>> as the server IPs.
>>> So far so good and I can ping any machine on either subnet from anywhere
>>> and get a reply. The servers are configured as Samba servers with the
>>> HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
>>> machine configured as a BDC and WINS proxy.
>>> In order to maintain logon facilities in the event of broadband failure,
>>> I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
>>> and password changes propagate successfully from one site to the other.
>>>
>>> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
>>> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
>>> fails on name resolution while entering \\192.168.1.254\ brings up
>>> Windows Explorer and a list of shares.
>>>
>>> I've included the remote browse entries in smb.conf on the PDC and have
>>> WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
>>> back to the WINS server.
>>> Port scanning the internal IP of each machine from the other end of the
>>> tunnel returns a full set of open ports for the services I'm using but no
>>> IP.
>>>
>>> If anyone can spot what I'm doing wrong I'd be grateful.
>>>
>>> Thanks.
>>>
>>> ################ smb.conf - HEADOFFICE ################
>>> ### Included 2nd subnet for second remote site in browse sync
>>>
>>> [global]
>>>     workgroup = NEWDOM
>>>     netbios name = HEADOFFICE
>>>     security = user
>>>     enable privileges = yes
>>>     interfaces = 192.168.0.1 127.0.0.1
>>>     # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1
>>>     remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
>>>     remote browse sync = 192.168.1.255 192.168.2.255
>>>     wins support = yes
>>>     name resolve order = wins hosts bcast
>>>     username map = /etc/samba/smbusers
>>>     server string = Samba Server %v
>>>     encrypt passwords = Yes
>>>     ldap ssl = no
>>>     unix password sync = yes
>>>     ldap passwd sync = no
>>>     passwd program = /usr/sbin/smbldap-passwd -u "%u"
>>>     passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>>
>>>     # public = yes
>>>     # browseable = yes
>>>     # lm announce = yes
>>>     # browse list = yes
>>>     # auto services = yes
>>>
>>>     log level = 3
>>>     syslog = 0
>>>     log file = /var/log/samba/log.%U
>>>     max log size = 100000
>>>     time server = Yes
>>>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>     mangling method = hash2
>>>     Dos charset = 850
>>>     Unix charset = ISO8859-1
>>>
>>>     local master = Yes
>>>     domain logons = Yes
>>>     domain master = Yes
>>>     os level = 65
>>>     preferred master = Yes
>>>     wins support = yes
>>>
>>>     passdb backend = ldapsam:ldap://127.0.0.1
>>>     ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>>>     ldap suffix = dc=newdom,dc=ldm
>>>     ldap group suffix = ou=Groups
>>>     ldap user suffix = ou=Users
>>>     ldap machine suffix = ou=Computers
>>>     ldap idmap suffix = ou=Idmap
>>>
>>>     add user script = /usr/sbin/smbldap-useradd -m "%u"
>>>     ldap delete dn = Yes
>>>     delete user script = /usr/sbin/smbldap-userdel "%u"
>>>     add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>>>     add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>>     #delete group script = /usr/sbin/smbldap-groupdel "%g"
>>>     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>>     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>>     set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>>
>>> [shared]
>>>     comment = shared directory
>>>     path = /dat
>>>     browseable = yes
>>>     read only = no
>>>     create mask = 0660
>>>     directory mask = 0770
>>>
>>>
>>> ############ smb.conf - REMOTE1 #############################
>>>
>>> [global]
>>>     workgroup = NEWDOM
>>>     netbios name = REMOTE1
>>>     security = user
>>>     enable privileges = yes
>>>     interfaces = 192.168.1.254 127.0.0.1
>>>     # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 10.8.0.0/24 127.0.0.1
>>>     wins server = 192.168.0.1
>>>     wins proxy = yes
>>>     username map = /etc/samba/smbusers
>>>     name resolve order = wins bcast hosts
>>>     server string = Samba Server %v
>>>     encrypt passwords = Yes
>>>     ldap ssl = no
>>>     unix password sync = yes
>>>     ldap passwd sync = no
>>>     passwd program = /usr/sbin/smbldap-passwd -u "%u"
>>>     passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
>>>
>>>     log level = 0
>>>     syslog = 0
>>>     log file = /var/log/samba/log.%U
>>>     max log size = 100000
>>>     time server = Yes
>>>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>     mangling method = hash2
>>>     Dos charset = 850
>>>     Unix charset = ISO8859-1
>>>
>>>     local master = Yes
>>>     domain logons = Yes
>>>     domain master = no
>>>     os level = 40
>>>     preferred master = no
>>>
>>>     passdb backend = ldapsam:ldap://127.0.0.1
>>>     ldap admin dn = cn=Manager,dc=newdom,dc=ldm
>>>     ldap suffix = dc=newdom,dc=ldm
>>>     ldap group suffix = ou=Groups
>>>     ldap user suffix = ou=Users
>>>     ldap machine suffix = ou=Computers
>>>     ldap idmap suffix = ou=Idmap
>>>
>>>     add user script = /usr/sbin/smbldap-useradd -m "%u"
>>>     ldap delete dn = Yes
>>>     delete user script = /usr/sbin/smbldap-userdel "%u"
>>>     add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
>>>     add group script = /usr/sbin/smbldap-groupadd -p "%g"
>>>     delete group script = /usr/sbin/smbldap-groupdel "%g"
>>>     add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
>>>     delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
>>>     set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
>>>
>>> [test]
>>>     comment = test share
>>>     path = /test
>>>     browseable = yes
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>
>

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria