We have about 300 users distributed on different VLANs using private IP network spaces, and sharing one single public IP when going out to the Internet. Our Samba (3.0.24) server has a public IP and is running as a primary domain controller. All clients receive Samba's public IP as their WINS server. I am able to join the domain but Samba stops responding sporadically. Looking at the logs, I found two things:

First, on samba/log.smb:

oscar01 (4.5.6.7) closed connection to service netlogon
[2008/04/30 11:55:12, 0] lib/util_sock.c:get_peer_addr(1229)
getpeername failed. Error was Transport endpoint is not connected
[2008/04/30 11:55:12, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 4.5.6.7. Error Connection reset by peer
[2008/04/30 11:55:12, 0] lib/util_sock.c:send_smb(769)
Error writing 4 bytes to client. -1. (Connection reset by peer)

Searching on Google, it seems that this is caused by smb ports=445 139 and can be fixed by setting it to smb ports=445. I already made this change.

Second, on samba/log.nmbd:

[2008/04/30 14:25:31, 1] libsmb/cliconnect.c:cli_connect(1369)
Error connecting to 4.5.6.7 (Operation already in progress)
[2008/04/30 14:40:40, 1] lib/util_sock.c:open_socket_out(896)
timeout connecting to 4.5.6.7:139

Here it looks like Samba is trying to initiate a connection using the NAT/firewall public IP, which is never going to work since there's no port forwarding in place. Which makes me wonder: is it possible to run Samba on a NATed network?

Thank you in advance for your input,
eric.

You should be able to run the Samba server on one of the VLANs, giving it an internal IP address; just make sure the routing between all the VLANs will forward the traffic to your PDC.

Also, for security I would put the Samba server behind the NAT address. There should be no reason to make it public to the Internet unless you have remote people that connect in to it. And if that is the case, they should be coming in over some kind of VPN-type link. That can then route their connection to the correct internal server or network.

Here is an example from my simple network. I am right now running a small group of Samba servers at my house and some family members' houses, with 3 PDCs on 3 different networks, all using private addresses, and with all the networks linked together over an IPSEC network-to-network VPN, so I can have trusted networks set up between the servers. This allows me to log in to any of the domains from my workstation and manage it.

> We have about 300 users distributed on different VLANs using private IP
> network spaces, and sharing one single public IP when going out to the
> Internet. Our Samba (3.0.24) server has a public IP and is running as a
> primary domain controller. All clients receive Samba's public IP as
> their WINS server. I am able to join the domain but Samba stops
> responding sporadically. Looking at the logs, I found two things:
>
> First, on samba/log.smb:
>
> oscar01 (4.5.6.7) closed connection to service netlogon
> [2008/04/30 11:55:12, 0] lib/util_sock.c:get_peer_addr(1229)
> getpeername failed. Error was Transport endpoint is not connected
> [2008/04/30 11:55:12, 0] lib/util_sock.c:write_data(562)
> write_data: write failure in writing to client 4.5.6.7. Error Connection reset by peer
> [2008/04/30 11:55:12, 0] lib/util_sock.c:send_smb(769)
> Error writing 4 bytes to client. -1. (Connection reset by peer)
>
> Searching on Google, it seems that this is caused by smb ports=445 139
> and can be fixed by setting it to smb ports=445. I already made this
> change.
>
> Second, on samba/log.nmbd:
>
> [2008/04/30 14:25:31, 1] libsmb/cliconnect.c:cli_connect(1369)
> Error connecting to 4.5.6.7 (Operation already in progress)
> [2008/04/30 14:40:40, 1] lib/util_sock.c:open_socket_out(896)
> timeout connecting to 4.5.6.7:139
>
> Here it looks like Samba is trying to initiate a connection using the
> NAT/firewall public IP, which is never going to work since there's no
> port forwarding in place. Which makes me wonder: is it possible to run
> Samba on a NATed network?
>
> Thank you in advance for your input,
> eric.
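
A diagnostic for the symptom discussed in this thread, added here as an example and not written by either poster: it groups Samba's two-line log records, picks out the server's failed outbound connections (the cli_connect and open_socket_out entries quoted above), and reports whether each target is a private or a public address. The function names are hypothetical, the first three records are copied from the post, and the last record is constructed for contrast.

```python
import ipaddress
import re
from collections import Counter

# First three records are from the post above; the 10.20.0.15 record is constructed.
SAMPLE_LOG = """\
[2008/04/30 11:55:12, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 4.5.6.7. Error Connection reset by peer
[2008/04/30 14:25:31, 1] libsmb/cliconnect.c:cli_connect(1369)
  Error connecting to 4.5.6.7 (Operation already in progress)
[2008/04/30 14:40:40, 1] lib/util_sock.c:open_socket_out(896)
  timeout connecting to 4.5.6.7:139
[2008/04/30 14:41:02, 1] lib/util_sock.c:open_socket_out(896)
  timeout connecting to 10.20.0.15:139
"""

HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s+(\d+)\]\s+\S+:(\w+)\(\d+\)\s*$")
TARGET = re.compile(r"connecting to (\d{1,3}(?:\.\d{1,3}){3})")
OUTBOUND_FUNCS = {"cli_connect", "open_socket_out"}  # server-initiated connections

def parse_entries(text):
    """Group records: one header line followed by its message line(s)."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"time": m.group(1), "level": int(m.group(2)),
                            "func": m.group(3), "msg": ""})
        elif entries and line.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line.strip()).strip()
    return entries

def outbound_failures(entries):
    """Map each outbound target IP to (failure count, 'private' or 'public')."""
    counts = Counter()
    for e in entries:
        m = TARGET.search(e["msg"]) if e["func"] in OUTBOUND_FUNCS else None
        if m:
            counts[m.group(1)] += 1
    return {ip: (n, "private" if ipaddress.ip_address(ip).is_private else "public")
            for ip, n in counts.items()}

if __name__ == "__main__":
    for ip, (n, kind) in outbound_failures(parse_entries(SAMPLE_LOG)).items():
        note = "clients are being seen through NAT" if kind == "public" else "routed peer"
        print(f"{ip}: {n} failed outbound connection(s), {kind} address ({note})")
```

A public target in the output means the server is recording the NAT gateway's address instead of the client's own, which is the condition the reply addresses by moving the PDC onto an internal address.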