I already have an existing network that is managed by a samba PDC. In the next few days, I will be linking another small LAN to the existing one over the internet using openvpn. I've been told that samba (through no fault of its own) doesn't work very well through a VPN.

For the new network, there will be a box with 2 NICs: one for the internet and one for the LAN. This box will use openvpn and iptables to allow the entire LAN direct access to the PDC (which provides other services also) through the VPN tunnel.

I want the workstations in the new network to be able to logon to the domain and access the file shares hosted by the samba PDC in the first network. Will I be able to do this? Easily? :)

--
Andrew Gaffney
Gentoo Linux Developer
Installer Project

On Dec 1, Andrew Gaffney wrote:
> the internet using openvpn. I've been told that samba (through no fault of
> its own) doesn't work very well through a VPN.

Seems to do a reasonable job here.

> I want the workstations in the new network to be able to logon to the domain
> and access the file shares hosted by the samba PDC in the first network. Will
> I be able to do this? Easily? :)

The thing to use is a DHCP server that also provides clients with the IP address of the PDC through the netbios-name-servers option in the ISC DHCP server.

tom.

I am running a similar setup. I have a main office running a T1 with a linux firewall and a samba pdc/dhcp server behind it. On my satellite office I'm running a dsl connection with a dlink router with a samba pdc/firewall/dhcp server behind it. (I never trust those little dsl routers.) I am using openvpn for this. I set the main pdc across the T1 as a wins server and point the satellite office to it. I am able to browse both networks and share files with no problem. The usernames and passwords are the same with both servers and I can use cygwin and ultra vnc to remotely manage by computer name.

I would worry about speed if you're gonna authenticate across the vpn. Especially if you plan on using roaming profiles.

Andrew Gaffney wrote:
> I already have an existing network that is managed by a samba PDC. In
> the next few days, I will be linking another small LAN to the existing
> one over the internet using openvpn. I've been told that samba
> (through no fault of its own) doesn't work very well through a VPN.
>
> For the new network, there will be a box with 2 NICs: one for the
> internet and one for the LAN. This box will use openvpn and iptables
> to allow the entire LAN direct access to the PDC (which provides other
> services also) through the VPN tunnel.
>
> I want the workstations in the new network to be able to logon to the
> domain and access the file shares hosted by the samba PDC in the first
> network. Will I be able to do this? Easily? :)
>

> -----Original Message-----
> From: tom burkart [mailto:samba@aussec.com]

> The thing to use is a DHCP server that also provides clients
> with the IP
> address of the PDC through the netbios-name-servers option in the ISC
> DHCP server.

Actually, the address you want to give them is the address of the WINS server. That can be the same as the PDC, but it doesn't have to be.

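The DHCP arrangement discussed in the two replies above, written out as an added example that is not part of the original thread or any poster's own configuration. All addresses are constructed, and a routed (not bridged) tunnel is assumed.

```conf
# dhcpd.conf fragment for the ISC DHCP server on the new (remote) LAN.
# All addresses below are constructed for illustration:
#   192.168.2.0/24  = new LAN behind the two-NIC OpenVPN/iptables box
#   192.168.2.1     = LAN-side address of that box (default gateway)
#   192.168.1.10    = WINS server on the main LAN, reached through the tunnel

subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.100 192.168.2.200;
    option routers 192.168.2.1;

    # Hand clients the address of the WINS server. This can be the PDC
    # itself, but only if that host actually runs the WINS service.
    option netbios-name-servers 192.168.1.10;

    # 8 = hybrid (H-node): query WINS first, fall back to broadcast.
    # Assumption: the tunnel is routed, so NetBIOS broadcasts from this LAN
    # never reach the main LAN and finding the PDC depends on the WINS query.
    option netbios-node-type 8;
}
```
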
If you find smb too slow, you should try using http to serve the files across the VPN. Set up apache to use samba authentication and you should be all set. You could even run both Samba and Apache at the same time, and see for yourself which works out better.

-tom

"Andrew Gaffney" <agaffney@gentoo.org> wrote in message news:41AD80F3.3060603@gentoo.org...
> I already have an existing network that is managed by a samba PDC. In the
> next few days, I will be linking another small LAN to the existing one over
> the internet using openvpn. I've been told that samba (through no fault of
> its own) doesn't work very well through a VPN.
>
> For the new network, there will be a box with 2 NICs: one for the internet
> and one for the LAN. This box will use openvpn and iptables to allow the
> entire LAN direct access to the PDC (which provides other services also)
> through the VPN tunnel.
>
> I want the workstations in the new network to be able to logon to the
> domain and access the file shares hosted by the samba PDC in the first
> network. Will I be able to do this? Easily? :)
>
> --
> Andrew Gaffney
> Gentoo Linux Developer
> Installer Project
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>

> If you find smb too slow, you should try using http to serve the files
> across the VPN.
> Set up apache to use samba authentication and you should be all set.
> You could even run both Samba and Apache at the same time, and see for
> yourself which works out better.

We use Davenport, which is a DAV<-->CIFS/SMB portal, to provide DAV access to all our Samba volumes. Davenport is a setup-and-go app, very nice and has worked well for us.

http://{hostname}:8080/davenport and you see the domains & workgroups listed, you drill down through hosts to volumes just like using Network Neighborhood. A volume can be browsed as a web page (for non-DAV clients like Win9x) or as a DAV volume.

DAV is much faster over VPN links than native SMB.