Bill Ries-Knight
2007-Jan-04 23:10 UTC
[Samba] samba needed to network across openvpn tunnel
I have been assured in other places that I need to have Samba and WINS in place to use Windows networking across an openvpn tunnel.

Back history: There was a network in place when I was hired to replace the former IT guy. All ran very smooth with only one networking issue. There were "fights" between the Windows server and the Linux box:

    The master browser has received a server announcement from the computer MAIL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7678958F-827A-4381-B5B6. The master browser is stopping or an election is being forced.

There were two locations (office and school) with Windows boxes on 3 subnets talking across an openvpn tunnel built on two FC4 servers. There is a Microsoft Small Business Server 2003 installed at each end to handle the users as separate domains: HSP and CRAGMART. All mail is handled by the office SBS (HSP).

The system worked great until I had a server cracked at the office end. The school end was not touched. The damage was limited to the one server (whew!).

The server has been rebuilt with Debian etch and I have the tunnel working great. The old filesystem is intact and configuration files are available.

Office subnet   192.168.1.x
School subnets  192.168.19.x
                192.168.10.x

I can communicate over tcp/ip fine from the office to the school and vice versa.

From 192.168.1.x I can get to the SBS server at \\192.168.19.3 but not by \\cserver.
From 192.168.19.x I cannot get to the SBS server at \\192.168.1.3 or by \\server.

There is no Windows browsing across the openvpn tunnel; everything is normal within the separate domains.

I have tried resolving this on irc.feenode.net #samba

Here is the smb.conf for the server before it was cracked. It did not work on this install.
****************************************
# Samba config file created using SWAT
# from 192.168.1.112 (192.168.1.112)
# Date: 2006/04/18 11:10:34

[global]
    workgroup = HSP
    realm = SERVER.HSP.LOCAL
    netbios aliases = ntserver
    server string = Samba Server
    security = ADS
    log file = /var/log/samba/%m.log
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    dns proxy = No
    wins support = Yes
    ldap ssl = no
    cups options = raw

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[c$]
    path = /
    admin users = ntemple, mc, root
    read list = ntemple, mc, root
    write list = ntemple, mc, root

[music]
    path = /home/jukebox/www/html/songs
    guest ok = Yes

[install]
    path = /usr/local/share/unattended/install
    admin users = ntemple, mc
    write list = ntemple, mc
*************************************************

Here is a recent variation that was configured with swat; it did not work.

***********************************************
# Samba config file created using SWAT
# from 192.168.1.100 (192.168.1.100)
# Date: 2007/01/04 12:12:14

[global]
    workgroup = HSP
    realm = SERVER.HSP.LOCAL
    netbios aliases = ntserver
    server string = Samba Server
    security = DOMAIN
    password server
    guest account = local_user
    log file = /var/log/samba/%m.log
    max log size = 50000
    name resolve order = wins lmhosts host bcast
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    printcap name = /etc/printcap
    dns proxy = No
    wins server = 192.168.1.3
    ldap ssl = no
    username = brk, mc, root, ntemple, bries-knight
    admin users = brk, mc, root, ntemple, bries-knight
    hosts allow = 192.168.10., 192.168.19., 127., 192.168.1.
    cups options = raw

[root]
    path = /
    username = root ntemple mc bries-knight
    admin users = mc, root, ntemple, bries-knight
    write list = mc, root, ntemple, bries-knight

[base]
    path = /
    username = root ntemple mc bries-knight
    admin users = mc, root, ntemple, bries-knight
    write list = mc, root, ntemple, bries-knight

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[c$]
    path = /
    admin users = ntemple, mc, root
    read list = ntemple, mc, root
    write list = ntemple, mc, root

[music]
    path = /home/jukebox/www/html/songs
    guest ok = Yes

[install]
    path = /usr/local/share/unattended/install
    admin users = ntemple, mc
    write list = ntemple, mc
******************************************************************

-- 
Bill Ries-Knight
Stockton, CA
Respect the process, Vote.
Felipe Augusto van de Wiel
2007-Jan-09 23:07 UTC
[Samba] samba needed to network across openvpn tunnel
On 01/04/2007 09:10 PM, Bill Ries-Knight wrote:
[...]
> Office subnet 192.168.1.x

Is there a WINS server on that network under 192.168.1.3?

> School subnets 192.168.19.x
> 192.168.10.x
>
> I can communicate over tcp/ip fine from the office to the school and
> vice versa.
>
> from 192.168.1.x I can get to the SBS server at \\192.168.19.3 but not
> by \\cserver
> from 192.168.19.x I cannot get to the SBS server at \\192.168.1.3 or
> by \\server.

You should have WINS on one network and you should point your clients to that WINS server on all your clients (either by DHCP or by hand).

> There is no windows browsing across the openvpn tunnel, everything is
> normal within the separate domains.

Ok, but you want to have it, right? Or did I get it wrong?

> I have tried resolving this on irc.feenode.net #samba
>
> here is the smb.conf for the server before it was cracked: It did not
> work on this install.
> ****************************************
> # Samba config file created using SWAT
> # from 192.168.1.112 (192.168.1.112)
> # Date: 2006/04/18 11:10:34
[...]
> *************************************************
>
> here is a recent variation that was configured with swat; it did not work
> ***********************************************
>
> # Samba config file created using SWAT
> # from 192.168.1.100 (192.168.1.100)
> # Date: 2007/01/04 12:12:14
>
> [global]
> workgroup = HSP
> realm = SERVER.HSP.LOCAL
> netbios aliases = ntserver
> server string = Samba Server
> security = DOMAIN
> password server
> guest account = local_user
> log file = /var/log/samba/%m.log
> max log size = 50000
> name resolve order = wins lmhosts host bcast
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> printcap name = /etc/printcap
> dns proxy = No
> wins server = 192.168.1.3

Here, there is a wins server directive, and you should have a wins server running under that IP.

[...]

Please be aware that some VPN software needs a "hint" to let certain types of traffic through.

Kind regards,

-- 
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
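
An added example, not part of either message and not Samba's own tooling: a small audit of smb.conf text that checks the WINS arrangement the reply describes (one WINS server, everything else pointing at it, never both roles in one file) and goes a little further by flagging valueless parameters, shares rooted at / and guest shares. The names parse_smb_conf and audit are hypothetical, and SAMPLE is constructed from the second configuration quoted in the thread, abridged.

```python
# Added example: audit smb.conf text for the WINS setup described in the reply
# and for risky shares. SAMPLE is constructed (abridged from the thread).
SAMPLE = """\
[global]
   security = DOMAIN
   password server
   wins server = 192.168.1.3
[root]
   path = /
   admin users = mc, root, ntemple, bries-knight
[music]
   path = /home/jukebox/www/html/songs
   guest ok = Yes
"""
TRUE = {"yes", "true", "1"}  # boolean spellings smb.conf accepts

def parse_smb_conf(text):
    """Return ({section: {param: value}}, [(section, line)] for lines without '=')."""
    sections, bare, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # parameter names are case-insensitive; normalise inner whitespace
            sections[current][" ".join(key.lower().split())] = value.strip()
        else:
            bare.append((current, line))
    return sections, bare

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    sections, bare = parse_smb_conf(text)
    glob = sections.get("global", {})
    findings = [f"[{sec}] '{line}' has no value" for sec, line in bare]
    serves_wins = glob.get("wins support", "no").lower() in TRUE
    if serves_wins and glob.get("wins server"):
        findings.append("[global] 'wins support' and 'wins server' are both set")
    if not serves_wins and not glob.get("wins server"):
        findings.append("[global] no WINS server configured or used")
    for name, params in sections.items():
        if name != "global" and params.get("path") == "/":
            findings.append(f"[{name}] shares the filesystem root")
        if params.get("guest ok", "no").lower() in TRUE:
            findings.append(f"[{name}] allows guest access")
    return findings
```

Calling audit(SAMPLE) returns the findings as a list of strings; on a live host, Samba's testparm remains the authoritative syntax check.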