I have the same kind of setup (except I'm using Linux 2.6 IPSEC with KAME tools, and have two different domains, one on each side), and it almost works. I can join the domain on the other side of the tunnel (I still have a problem where wbinfo -t says it cannot find the DC) and winbindd can map remote domain users.

Could you document the errors you get while joining (plus possibly level 2/3 logs from smbd/winbind, depending on which one raises the error)?

In my setup I added lmhosts files on both sides (not sure if it helps, but at least I could join). Also, I did not include the VPN interfaces (but in my setup, these are the public network interfaces due to the new IPSEC implementation).

Also, I may be wrong, but I would make FURNSRV the domain master on its subnet, and add a remote announce on the other subnets.

Hope it helps.

See my post of May 29, 2008 with subject "Trustdom setup and trusted group management"

François

> My network topology is changing. One of my network segments that used to be
> hard-wired will now be connecting to the rest of the network through DSL,
> with a layer of OpenVPN on top. I am having the hardest time getting any
> form of cross-subnet browsing or WINS working.
>
> My PDC is called CORPSRV. It has the following IPs:
> 192.168.1.1
> <external IP>
> 192.168.100.5 (OpenVPN)
>
> The DMB on the remote subnet is called FURNSRV. It has the following IPs:
> 192.168.2.1
> 192.168.100.1 (OpenVPN)
>
> Here are the relevant parts of CORPSRV's smb.conf:
> os level = 255
> wins support = yes
> preferred master = yes
> domain master = yes
> local master = yes
> remote announce = '192.168.2.1/CORP' '192.168.4.1/CORP'
> remote browse sync = '192.168.2.1' '192.168.4.1'
> name resolve order = wins bcast host
> interfaces = 127.0.0.1 192.168.1.1 192.168.100.5/255.255.255.0
> bind interfaces only = yes
> hosts allow = 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24 127.0.0.1
>
> Here are the relevant parts of FURNSRV's smb.conf:
> security = domain
> password server = 192.168.1.1
> wins server = 192.168.1.1
> wins support = no
> wins proxy = yes
> name resolve order = wins bcast lmhosts host
> dns proxy = no
> local master = yes
> domain master = no
> preferred master = yes
> os level = 65
> remote browse sync = 192.168.1.1
> interfaces = 127.0.0.1 192.168.2.1 192.168.100.1/255.255.255.0
> bind interfaces only = yes
> hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 192.168.6.0/24 192.168.100.0/24
>
> I can ping each server's IP from the other server. The following nmblookup
> commands both work:
>
> [EMAIL PROTECTED]:/etc/samba# nmblookup -U 192.168.2.1 FURNSRV
> params.c:pm_process() - Processing configuration file "/etc/samba/printers.smb"
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0
> added interface ip=192.168.100.5 bcast=192.168.100.255 nmask=255.255.255.0
> Socket opened.
> querying FURNSRV on 192.168.2.1
> Got a positive name query response from 192.168.2.1 ( 192.168.100.1 192.168.2.1 )
> 192.168.100.1 FURNSRV<00>
> 192.168.2.1 FURNSRV<00>
>
> [EMAIL PROTECTED]:/etc/samba# nmblookup -U 192.168.1.1 corpsrv
> added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
> added interface ip=192.168.2.1 bcast=192.168.2.255 nmask=255.255.255.0
> added interface ip=192.168.100.1 bcast=192.168.100.255 nmask=255.255.255.0
> Socket opened.
> querying corpsrv on 192.168.1.1
> Got a positive name query response from 192.168.1.1 ( 192.168.100.5 192.168.1.1 )
> 192.168.100.5 corpsrv<00>
> 192.168.1.1 corpsrv<00>
>
> I can mount shares on each server from the other, using IP addresses. But I
> can't make FURNSRV join CORP, and I can't resolve FURNSRV via CORPSRV's WINS
> server.
>
> I know that part of the problem is that OpenVPN uses interfaces that do not
> allow broadcast traffic. But I thought specifying the WINS server and using
> the 'remote announce' directives would fix that.
>
> I would appreciate any help at all! Thanks so much,
> Misty

--
François Legal
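Added example (not part of the original messages, and not code from the Samba project): a small Python check that the addresses each server can connect from, taken from its "interfaces" line including the OpenVPN address, are covered by the other server's "hosts allow" list, using the values quoted above. The function names are hypothetical, and it assumes both settings contain only IP addresses and networks (no interface names, hostnames or EXCEPT clauses).

```python
import ipaddress

# Values copied from the two smb.conf excerpts quoted in the message above.
CORPSRV = {
    "interfaces": "127.0.0.1 192.168.1.1 192.168.100.5/255.255.255.0",
    "hosts allow": "192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 "
                   "192.168.6.0/24 192.168.100.0/24 127.0.0.1",
}
FURNSRV = {
    "interfaces": "127.0.0.1 192.168.2.1 192.168.100.1/255.255.255.0",
    "hosts allow": "127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.4.0/24 "
                   "192.168.6.0/24 192.168.100.0/24",
}


def allowed_networks(hosts_allow):
    """Parse the IP and network entries of a 'hosts allow' value.
    Assumption: only address forms are present (no hostnames, no EXCEPT)."""
    return [ipaddress.ip_network(tok, strict=False)
            for tok in hosts_allow.replace(",", " ").split()]


def source_addresses(interfaces):
    """Non-loopback addresses from an 'interfaces' value (netmask dropped)."""
    addrs = [ipaddress.ip_address(tok.split("/")[0]) for tok in interfaces.split()]
    return [a for a in addrs if not a.is_loopback]


def blocked_sources(client, server):
    """Addresses the client may connect from that the server's ACL rejects."""
    nets = allowed_networks(server["hosts allow"])
    return [str(a) for a in source_addresses(client["interfaces"])
            if not any(a in n for n in nets)]


if __name__ == "__main__":
    # Constructed counter-example: the same kind of ACL without the OpenVPN subnet.
    no_vpn = {"hosts allow": "127.0.0.1 192.168.1.0/24 192.168.2.0/24"}
    print("FURNSRV -> CORPSRV blocked:", blocked_sources(FURNSRV, CORPSRV))
    print("CORPSRV -> FURNSRV blocked:", blocked_sources(CORPSRV, FURNSRV))
    print("FURNSRV -> ACL without VPN subnet:", blocked_sources(FURNSRV, no_vpn))
```

With the quoted values both directions come back empty, so "hosts allow" is not what rejects traffic arriving from the tunnel addresses; the constructed ACL shows what a missing 192.168.100.0/24 entry would look like.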
