If you have fixed IPs (or static DNS leases), one way round this is to
populate %SystemRoot%\system32\drivers\etc\lmhosts on the Windows client.
I look forward to seeing any other solutions here :-)
On 6 July 2010 13:07, <jpb at oss4all.plus.com> wrote:
> Hi All,
>
> I'm having a problem with cross subnet browsing and name resolution
across
> an openvpn tunnel. i've found quite a few people who've had the
same on
> mail lists but none of their fixes have worked. The spec of the setups at
> both ends of the tunnel are as follows:
>
> OS - CentOS 5.5
> Samba Version 3.5.4
> OpenVPN Version 2.0.9-1
>
> Each server is configured in gateway mode with two NICS, one to the lan
> and the other to a modem/router. The first machine, HEADOFFICE, has an
> internal IP address of
> 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1,
> has an internal address of 192.168.1.254 and an external of 192.168.20.4.
>
> On openVPN, I have configured client to client and routes and iroutes to
> allow machines on each network to ping machines at the other end as well
> as the server IP's.
> So far so good and I can ping any machine on either subnet from anywhere
> and get a reply. The servers are configured as Samba servers with the
> HEADOFFICE machine
> working as a PDC, DMC and WINS server and the REMOTE1 machine configured
> as a BDC and WINS proxy. In order to maintain logon facilities in the
> event of broadband failure,
> I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates
> and password changes propogate successfully from one site to the other.
>
> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it
works
> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
> fails on name resolution while
> entering \\192.168.1.254\ brings up Windows Explorer and a list of shares.
>
> I've included the remote browse entries in smb.conf on the PDC and have
> WINS Proxying set up on the BDC but I can't get it to push
REMOTE1's IP
> back to the WINS server.
> Port scanning the internal IP of each machine from the oher end of the
> tunnel returns a full set of open ports for the services I'm using but
no
> IP.
>
> If anyone can spot what I'm doing wrong I'd be grateful.
>
> Thanks.
>
> ################ smb.conf - HEADOFFICE ################
> ### Included 2nd subnet for second remote site in browse sync
>
> [ global]
> workgroup = NEWDOM
> netbios name = HEADOFFICE
> security = user
> enable privileges = yes
> interfaces = 192.168.0.1 127.0.0.1
> # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0
> 194.168.2.0/255.255.255.0 127.0.0.1
> remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
> remote browse sync = 192.168.1.255 192.168.2.255
> wins support = yes
> name resolve order = wins hosts bcast
> username map = /etc/samba/smbusers
> server string = Samba Server %v
> encrypt passwords = Yes
> ldap ssl = no
> unix password sync = yes
> ldap passwd sync = no
> passwd program = /usr/sbin/smbldap-passwd -u "%u"
> passwd chat = "Changing *\nNew password*" %n\n
"*Retype new
> password*" %n\n"
>
> # public = yes
> # browseable = yes
> # lm announce = yes
> # browse list = yes
> # auto services = yes
>
> log level = 3
> syslog = 0
> log file = /var/log/samba/log.%U
> max log size = 100000
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> mangling method = hash2
> Dos charset = 850
> Unix charset = ISO8859-1
>
> local master = Yes
> domain logons = Yes
> domain master = Yes
> os level = 65
> preferred master = Yes
> wins support = yes
>
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap admin dn = cn=Manager,dc=newdom,dc=ldm
> ldap suffix = dc=newdom,dc=ldm
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
>
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -t 0 -w
"%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> #delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m
"%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
> "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
>
> [shared]
> comment = shared directory
> path = /dat
> browseable = yes
> read only = no
> create mask = 0660
> directory mask = 0770
>
>
> ############ smb.conf - REMOTE1 #############################
>
> [global]
> workgroup = NEWDOM
> netbios name = REMOTE1
> security = user
> enable privileges = yes
> interfaces = 192.168.1.254 127.0.0.1
> # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
> 10.8.0.0/24 127.0.0.1
> wins server = 192.168.0.1
> wins proxy = yes
> username map = /etc/samba/smbusers
> name resolve order = wins bcast hosts
> server string = Samba Server %v
> encrypt passwords = Yes
> ldap ssl = no
> unix password sync = yes
> ldap passwd sync = no
> passwd program = /usr/sbin/smbldap-passwd -u "%u"
> passwd chat = "Changing *\nNew password*" %n\n
"*Retype new
> password*" %n\n"
>
> log level = 0
> syslog = 0
> log file = /var/log/samba/log.%U
> max log size = 100000
> time server = Yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> mangling method = hash2
> Dos charset = 850
> Unix charset = ISO8859-1
>
> local master = Yes
> domain logons = Yes
> domain master = no
> os level = 40
> preferred master = no
>
> passdb backend = ldapsam:ldap://127.0.0.1
> ldap admin dn = cn=Manager,dc=newdom,dc=ldm
> ldap suffix = dc=newdom,dc=ldm
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Idmap
>
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -t 0 -w
"%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m
"%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
> "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
>
> [test]
> comment = test share
> path = /test
> browseable = yes
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>