Hi All,
I'm having a problem with cross-subnet browsing and name resolution across
an OpenVPN tunnel. I've found quite a few people who've had the same problem on
mailing lists, but none of their fixes have worked. The specs of the setups at
both ends of the tunnel are as follows:
OS - CentOS 5.5
Samba Version 3.5.4
OpenVPN Version 2.0.9-1
Each server is configured in gateway mode with two NICS, one to the lan
and the other to a modem/router. The first machine, HEADOFFICE, has an
internal IP address of
192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1,
has an internal address of 192.168.1.254 and an external of 192.168.20.4.
On openVPN, I have configured client to client and routes and iroutes to
allow machines on each network to ping machines at the other end as well
as the server IP's.
So far so good and I can ping any machine on either subnet from anywhere
and get a reply. The servers are configured as Samba servers with the
HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1
machine configured as a BDC and WINS proxy. In order to maintain logon
facilities in the event of broadband failure,
I have replicated the LDAP server from HEADOFFICE to REMOTE1, and updates
and password changes propagate successfully from one site to the other.
If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works
perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet
fails on name resolution while
entering \\192.168.1.254\ brings up Windows Explorer and a list of shares.
I've included the remote browse entries in smb.conf on the PDC and have
WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP
back to the WINS server.
Port scanning the internal IP of each machine from the other end of the
tunnel returns a full set of open ports for the services I'm using but no
IP.
If anyone can spot what I'm doing wrong I'd be grateful.
Thanks.
################ smb.conf - HEADOFFICE ################
### Included 2nd subnet for second remote site in browse sync
# HEADOFFICE global section: per the post, this host is the PDC, domain
# master browser and WINS server for the NEWDOM domain.
# NOTE(review): the header has a space after '[' as posted; run testparm to
# confirm it is read as the global section.
[ global]
workgroup = NEWDOM
netbios name = HEADOFFICE
security = user
enable privileges = yes
# Only the LAN address and loopback are listed, but 'bind interfaces only'
# does not appear in this listing, so by default smbd is not restricted to
# these addresses. The post says this host also has an external NIC
# (192.168.10.4); with 'hosts allow' disabled below, exposure on that side
# depends on the firewall alone - TODO confirm.
interfaces = 192.168.0.1 127.0.0.1
# NOTE(review): 'hosts allow' is commented out, and its last two entries sit
# on a separate, uncommented line (probably mail wrapping). 194.168.2.0 looks
# like a typo for 192.168.2.0 (the browse settings below use 192.168.2.255);
# fix it before re-enabling the restriction.
# hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0
194.168.2.0/255.255.255.0 127.0.0.1
# Browse announcements and browse-list sync are aimed at the broadcast
# addresses of the two remote subnets.
# NOTE(review): this presumably relies on directed broadcasts crossing the
# routed tunnel - confirm they are actually delivered.
remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255
# This host runs the WINS server (the same setting is repeated further down).
wins support = yes
name resolve order = wins hosts bcast
username map = /etc/samba/smbusers
# %v expands to the Samba version, so the version is advertised to clients.
server string = Samba Server %v
encrypt passwords = Yes
# TLS is off for Samba's LDAP connection. The backend below is on loopback,
# so that bind does not leave the host; if the backend URI ever points at
# another machine, switch to 'ldap ssl = start tls'.
ldap ssl = no
# With 'unix password sync = yes' Samba runs the passwd program as root;
# %u is quoted in the command line.
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
# NOTE(review): as posted, the chat string is wrapped over three lines and
# ends with an unmatched double quote; it has to be one logical line with
# balanced quotes before it can work.
passwd chat = "Changing *\nNew password*" %n\n "*Retype
new
password*" %n\n"
# Settings the author has disabled.
# public = yes
# browseable = yes
# lm announce = yes
# browse list = yes
# auto services = yes
# Debug level 3, one log file per session user name (%U); 'max log size' is
# in KiB. Lower the level again once the browsing problem is solved.
log level = 3
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
# NOTE(review): hard-coded 8 KiB socket buffers override the OS defaults;
# unrelated to browsing, but worth re-measuring.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# Browser election: this host is set up to win elections and act as the
# domain master browser and logon server.
local master = Yes
domain logons = Yes
domain master = Yes
os level = 65
preferred master = Yes
# Duplicate of the 'wins support' line above; one of the two can be removed.
wins support = yes
# Accounts are stored in the LDAP server on this host (loopback).
passdb backend = ldapsam:ldap://127.0.0.1
# NOTE(review): Samba binds as cn=Manager, which looks like the directory's
# manager DN; a dedicated DN limited to the Samba subtrees would be a
# narrower grant - confirm.
ldap admin dn = cn=Manager,dc=newdom,dc=ldm
ldap suffix = dc=newdom,dc=ldm
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# Account-management hooks: smbd runs these smbldap-tools commands as root,
# with the %u / %g substitutions quoted.
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
# NOTE(review): disabled here but enabled in the REMOTE1 listing - confirm
# which is intended.
#delete group script = /usr/sbin/smbldap-groupdel "%g"
# The next three values are wrapped across lines as posted (mail wrapping);
# each must be rejoined onto one line.
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
# Writable share exported from /dat.
# NOTE(review): no 'valid users' or 'write list' appears in this section, so
# access is not narrowed at the share level here; it then rests on the file
# system permissions - confirm that is intended.
[shared]
comment = shared directory
path = /dat
browseable = yes
read only = no
# Upper bound on permission bits for new files (0660) and directories (0770):
# nothing is granted to "other".
create mask = 0660
directory mask = 0770
############ smb.conf - REMOTE1 #############################
# REMOTE1 global section: per the post, this host is the BDC at the remote
# site and a WINS client/proxy of HEADOFFICE.
[global]
workgroup = NEWDOM
netbios name = REMOTE1
security = user
enable privileges = yes
# Only the LAN address and loopback are listed, but 'bind interfaces only'
# does not appear in this listing, so by default smbd is not restricted to
# these addresses. The post says this host also has an external NIC
# (192.168.20.4); with 'hosts allow' disabled below, exposure on that side
# depends on the firewall alone - TODO confirm.
interfaces = 192.168.1.254 127.0.0.1
# NOTE(review): 'hosts allow' is commented out and its tail sits on a
# separate, uncommented line (probably mail wrapping). 10.8.0.0/24 is
# presumably the OpenVPN tunnel network - verify before re-enabling.
# hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
10.8.0.0/24 127.0.0.1
# Names are registered with, and resolved through, the WINS server on
# HEADOFFICE; 'wins proxy' additionally enables WINS proxying for this site.
wins server = 192.168.0.1
wins proxy = yes
username map = /etc/samba/smbusers
# Order differs from HEADOFFICE, which lists 'hosts' before 'bcast'.
name resolve order = wins bcast hosts
# %v expands to the Samba version, so the version is advertised to clients.
server string = Samba Server %v
encrypt passwords = Yes
# TLS is off for Samba's LDAP connection. The backend below is on loopback,
# so that bind does not leave the host; if the backend URI ever points at
# another machine, switch to 'ldap ssl = start tls'.
ldap ssl = no
# With 'unix password sync = yes' Samba runs the passwd program as root;
# %u is quoted in the command line.
unix password sync = yes
ldap passwd sync = no
passwd program = /usr/sbin/smbldap-passwd -u "%u"
# NOTE(review): as posted, the chat string is wrapped over three lines and
# ends with an unmatched double quote; it has to be one logical line with
# balanced quotes before it can work.
passwd chat = "Changing *\nNew password*" %n\n "*Retype
new
password*" %n\n"
# Logging is at level 0 on this side while HEADOFFICE logs at level 3.
# NOTE(review): raising it temporarily here would show whether nmbd attempts
# the WINS registration at all.
log level = 0
syslog = 0
log file = /var/log/samba/log.%U
max log size = 100000
time server = Yes
# NOTE(review): hard-coded 8 KiB socket buffers override the OS defaults;
# unrelated to browsing, but worth re-measuring.
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
# Logon server and local master browser for its own subnet, but not the
# domain master; the lower os level leaves that role to HEADOFFICE.
local master = Yes
domain logons = Yes
domain master = no
os level = 40
preferred master = no
# Accounts are read from the LDAP server on this host, which the post
# describes as a replica of the HEADOFFICE directory.
passdb backend = ldapsam:ldap://127.0.0.1
# NOTE(review): Samba binds as cn=Manager, which looks like the directory's
# manager DN; a dedicated DN limited to the Samba subtrees would be a
# narrower grant - confirm.
ldap admin dn = cn=Manager,dc=newdom,dc=ldm
ldap suffix = dc=newdom,dc=ldm
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
# Account-management hooks: smbd runs these smbldap-tools commands as root,
# with the %u / %g substitutions quoted.
# NOTE(review): which directory they write to is set in the smbldap-tools
# configuration, not shown here - confirm that changes made on this host
# reach HEADOFFICE.
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
# Enabled here, but commented out in the HEADOFFICE listing.
delete group script = /usr/sbin/smbldap-groupdel "%g"
# The next three values are wrapped across lines as posted (mail wrapping);
# each must be rejoined onto one line.
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x
"%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
# Test share exported from /test; 'read only' is not set in this section.
# NOTE(review): no 'valid users' appears here, so access is not narrowed at
# the share level - remove the share once testing is finished.
[test]
comment = test share
path = /test
browseable = yes
SNIP> > > Hi All, > > I'm having a problem with cross subnet browsing and name resolution > across > an openvpn tunnel. i've found quite a few people who've had the same > on > mail lists but none of their fixes have worked. The spec of the setups > at > both ends of the tunnel are as follows:

"remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM
remote browse sync = 192.168.1.255 192.168.2.255"

This looks odd to me.

remote announce = <wins server ip>/<DOMNAME>
remote browse sync = <wins server ip>

NEEDED in both smb.conf

wins server = <wins server ip>

Can't remember default for this setting sooooo

enhanced browsing = Yes

in both smb.conf

DHCP should point clients to headoffice for WINS. WINS proxy is not useful.

> > > > OS - CentOS 5.5 > Samba Version 3.5.4 > OpenVPN Version 2.0.9-1 > > Each server is configured in gateway mode with two NICS, one to the > lan > and the other to a modem/router. The first machine, HEADOFFICE, has > an > internal IP address of > 192.168.0.1 and an external of 192.168.10.4. The second machine, > REMOTE1, > has an internal address of 192.168.1.254 and an external of > 192.168.20.4. > > On openVPN, I have configured client to client and routes and iroutes > to > allow machines on each network to ping machines at the other end as > well > as the server IP's. > So far so good and I can ping any machine on either subnet from > anywhere > and get a reply. The servers are configured as Samba servers with the > HEADOFFICE machine working as a PDC, DMC and WINS server and the > REMOTE1 > machine configured as a BDC and WINS proxy. In order to maintain > logon > facilities in the event of broadband failure, > I have replicated the LDAP server from HEADOFFICE to REMOTE1 and > updates > and password changes propogate successfully from one site to the > other. 
> > If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it > works > perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet > fails on name resolution while > entering \\192.168.1.254\ brings up Windows Explorer and a list of > shares. > > I've included the remote browse entries in smb.conf on the PDC and > have > WINS Proxying set up on the BDC but I can't get it to push REMOTE1's > IP > back to the WINS server. > Port scanning the internal IP of each machine from the oher end of the > tunnel returns a full set of open ports for the services I'm using but > no > IP. > > If anyone can spot what I'm doing wrong I'd be grateful. > > Thanks. > > ################ smb.conf - HEADOFFICE ################ > ### Included 2nd subnet for second remote site in browse sync > > [ global] > workgroup = NEWDOM > netbios name = HEADOFFICE > security = user > enable privileges = yes > interfaces = 192.168.0.1 127.0.0.1 > # hosts allow = 192.168.0.0/255.255.255.0 > 192.168.1.0/255.255.255.0 > 194.168.2.0/255.255.255.0 127.0.0.1 > remote announce = 192.168.2.255/NEWDOM > 192.168.1.255/NEWDOM > remote browse sync = 192.168.1.255 192.168.2.255 > wins support = yes > name resolve order = wins hosts bcast > username map = /etc/samba/smbusers > server string = Samba Server %v > encrypt passwords = Yes > ldap ssl = no > unix password sync = yes > ldap passwd sync = no > passwd program = /usr/sbin/smbldap-passwd -u "%u" > passwd chat = "Changing *\nNew password*" %n\n > "*Retype new > password*" %n\n" > > # public = yes > # browseable = yes > # lm announce = yes > # browse list = yes > # auto services = yes > > log level = 3 > syslog = 0 > log file = /var/log/samba/log.%U > max log size = 100000 > time server = Yes > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > mangling method = hash2 > Dos charset = 850 > Unix charset = ISO8859-1 > > local master = Yes > domain logons = Yes > domain master = Yes > os level = 65 > preferred master = Yes > wins 
support = yes > > passdb backend = ldapsam:ldap://127.0.0.1 > ldap admin dn = cn=Manager,dc=newdom,dc=ldm > ldap suffix = dc=newdom,dc=ldm > ldap group suffix = ou=Groups > ldap user suffix = ou=Users > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > > add user script = /usr/sbin/smbldap-useradd -m "%u" > ldap delete dn = Yes > delete user script = /usr/sbin/smbldap-userdel "%u" > add machine script = /usr/sbin/smbldap-useradd -t 0 > -w "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > #delete group script = /usr/sbin/smbldap-groupdel > "%g" > add user to group script = /usr/sbin/smbldap-groupmod > -m "%u" "%g" > delete user from group script = > /usr/sbin/smbldap-groupmod -x "%u" > "%g" > set primary group script = /usr/sbin/smbldap-usermod > -g '%g' '%u' > > [shared] > comment = shared directory > path = /dat > browseable = yes > read only = no > create mask = 0660 > directory mask = 0770 > > > ############ smb.conf - REMOTE1 ############################# > > [global] > workgroup = NEWDOM > netbios name = REMOTE1 > security = user > enable privileges = yes > interfaces = 192.168.1.254 127.0.0.1 > # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 > 10.8.0.0/24 127.0.0.1 > wins server = 192.168.0.1 > wins proxy = yes > username map = /etc/samba/smbusers > name resolve order = wins bcast hosts > server string = Samba Server %v > encrypt passwords = Yes > ldap ssl = no > unix password sync = yes > ldap passwd sync = no > passwd program = /usr/sbin/smbldap-passwd -u "%u" > passwd chat = "Changing *\nNew password*" %n\n > "*Retype new > password*" %n\n" > > log level = 0 > syslog = 0 > log file = /var/log/samba/log.%U > max log size = 100000 > time server = Yes > socket options = TCP_NODELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > mangling method = hash2 > Dos charset = 850 > Unix charset = ISO8859-1 > > local master = Yes > domain logons = Yes > domain master = no > os level = 40 > preferred master = no > > passdb backend = 
ldapsam:ldap://127.0.0.1 > ldap admin dn = cn=Manager,dc=newdom,dc=ldm > ldap suffix = dc=newdom,dc=ldm > ldap group suffix = ou=Groups > ldap user suffix = ou=Users > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > > add user script = /usr/sbin/smbldap-useradd -m "%u" > ldap delete dn = Yes > delete user script = /usr/sbin/smbldap-userdel "%u" > add machine script = /usr/sbin/smbldap-useradd -t 0 > -w "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod > -m "%u" "%g" > delete user from group script = > /usr/sbin/smbldap-groupmod -x "%u" > "%g" > set primary group script = /usr/sbin/smbldap-usermod > -g '%g' '%u' > > [test] > comment = test share > path = /test > browseable = yes > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Julian Pilfold-Bagwell wrote:>I'm having a problem with cross subnet browsing and name resolutionacross>an openvpn tunnel. i've found quite a few people who've had the same on >mail lists but none of their fixes have worked. The spec of the setupsat>both ends of the tunnel are as follows: > >OS - CentOS 5.5 >Samba Version 3.5.4 >OpenVPN Version 2.0.9-1 > >Each server is configured in gateway mode with two NICS, one to the lan >and the other to a modem/router. The first machine, HEADOFFICE, has an >internal IP address of >192.168.0.1 and an external of 192.168.10.4. The second machine,REMOTE1,>has an internal address of 192.168.1.254 and an external of192.168.20.4.> >On openVPN, I have configured client to client and routes and iroutesto>allow machines on each network to ping machines at the other end aswell>as the server IP's. >So far so good and I can ping any machine on either subnet fromanywhere>and get a reply. The servers are configured as Samba servers with the >HEADOFFICE machine working as a PDC, DMC and WINS server and theREMOTE1> machine configured as a BDC and WINS proxy. In order to maintainlogon>facilities in the event of broadband failure, >I have replicated the LDAP server from HEADOFFICE to REMOTE1 andupdates>and password changes propogate successfully from one site to the other. > >If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet itworks>perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet >fails on name resolution while >entering \\192.168.1.254\ brings up Windows Explorer and a list ofshares.> >I've included the remote browse entries in smb.conf on the PDC and have >WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP >back to the WINS server. >Port scanning the internal IP of each machine from the oher end of the >tunnel returns a full set of open ports for the services I'm using butno>IP. > >If anyone can spot what I'm doing wrong I'd be grateful. > >Thanks. 
> >################ smb.conf - HEADOFFICE ################ >### Included 2nd subnet for second remote site in browse sync > >[ global] > workgroup = NEWDOM > netbios name = HEADOFFICE > security = user > enable privileges = yes > interfaces = 192.168.0.1 127.0.0.1 ># hosts allow = 192.168.0.0/255.255.255.0192.168.1.0/255.255.255.0>194.168.2.0/255.255.255.0 127.0.0.1 > remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM > remote browse sync = 192.168.1.255 192.168.2.255 > wins support = yes > name resolve order = wins hosts bcast > username map = /etc/samba/smbusers > server string = Samba Server %v > encrypt passwords = Yes > ldap ssl = no > unix password sync = yes > ldap passwd sync = no > passwd program = /usr/sbin/smbldap-passwd -u "%u" > passwd chat = "Changing *\nNew password*" %n\n "*Retype new >password*" %n\n" > ># public = yes ># browseable = yes ># lm announce = yes ># browse list = yes ># auto services = yes > > log level = 3 > syslog = 0 > log file = /var/log/samba/log.%U > max log size = 100000 > time server = Yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > mangling method = hash2 > Dos charset = 850 > Unix charset = ISO8859-1 > > local master = Yes > domain logons = Yes > domain master = Yes > os level = 65 > preferred master = Yes > wins support = yes > > passdb backend = ldapsam:ldap://127.0.0.1 > ldap admin dn = cn=Manager,dc=newdom,dc=ldm > ldap suffix = dc=newdom,dc=ldm > ldap group suffix = ou=Groups > ldap user suffix = ou=Users > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > > add user script = /usr/sbin/smbldap-useradd -m "%u" > ldap delete dn = Yes > delete user script = /usr/sbin/smbldap-userdel "%u" > add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > #delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" >"%g" > delete user from group script = 
/usr/sbin/smbldap-groupmod -x >"%u" >"%g" > set primary group script = /usr/sbin/smbldap-usermod -g '%g''%u'> >[shared] > comment = shared directory > path = /dat > browseable = yes > read only = no > create mask = 0660 > directory mask = 0770 > > >############ smb.conf - REMOTE1 ############################# > >[global] > workgroup = NEWDOM > netbios name = REMOTE1 > security = user > enable privileges = yes > interfaces = 192.168.1.254 127.0.0.1 ># hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 >10.8.0.0/24 127.0.0.1 > wins server = 192.168.0.1 > wins proxy = yes > username map = /etc/samba/smbusers > name resolve order = wins bcast hosts > server string = Samba Server %v > encrypt passwords = Yes > ldap ssl = no > unix password sync = yes > ldap passwd sync = no > passwd program = /usr/sbin/smbldap-passwd -u "%u" > passwd chat = "Changing *\nNew password*" %n\n "*Retype new >password*" %n\n" > > log level = 0 > syslog = 0 > log file = /var/log/samba/log.%U > max log size = 100000 > time server = Yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > mangling method = hash2 > Dos charset = 850 > Unix charset = ISO8859-1 > > local master = Yes > domain logons = Yes > domain master = no > os level = 40 > preferred master = no > > passdb backend = ldapsam:ldap://127.0.0.1 > ldap admin dn = cn=Manager,dc=newdom,dc=ldm > ldap suffix = dc=newdom,dc=ldm > ldap group suffix = ou=Groups > ldap user suffix = ou=Users > ldap machine suffix = ou=Computers > ldap idmap suffix = ou=Idmap > > add user script = /usr/sbin/smbldap-useradd -m "%u" > ldap delete dn = Yes > delete user script = /usr/sbin/smbldap-userdel "%u" > add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" >"%g" > delete user from group script = /usr/sbin/smbldap-groupmod -x >"%u" >"%g" > set primary group 
script = /usr/sbin/smbldap-usermod -g '%g''%u'> >[test] > comment = test share > path = /test > browseable = yes

We had trouble with some subnet name resolution on CentOS until we added

modprobe ip_conntrack_netbios_ns

into the firewall start script. It lets the firewall recognise that replies to netbios requests are part of an established conversation, so it's okay to allow them.

Moray.
"To err is human. To purr, feline"
> > --- Original message --- > Subject: Re: [Samba] Cross subnet browsing + OpenVPN > From: Robert Schetterer <robert at schetterer.org> > To: <samba at lists.samba.org> > Date: Friday, 09/07/2010 3:05 AM > > Am 09.07.2010 11:37, schrieb Julian Pilfold-Bagwell: >> >> Sorry about the delay, family emergency to deal with. >> browse sync shares the info across them. I tried putting the specific >> IP addresses of the local master browsers into the browse sync but it >> still doesn't seem to spread everything across all the subnets. > > you should use tap interfaces with openvpn

This is a matter of network design, and has nothing to do whatsoever with the issue at hand. Further:

Server configuration file
>
> dev tun
> ifconfig 10.8.0.1 10.8.0.2
> secret static.key

Client configuration file
>
> remote myremote.mydomain
> dev tun
> ifconfig 10.8.0.2 10.8.0.1
> secret static.key

From: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Which makes for a nice network to network setup for two locations connected via a wan link. Why not shift the discussion to whether we should use IPSEC and racoon instead of OpenVPN, or perhaps we should scrap all that and argue that he should be using Cisco vpn gateways altogether? GUH!

> >> > >> >> >> >> From what I understand, the remote announce tells the WINS server to >> broadcast across the remote subnets and remote >> >> On 06/07/10 13:50, tms3 at tms3.com wrote: >>> >>> >>> >>> SNIP >>>> >>>> >>>> Hi All, >>>> >>>> I'm having a problem with cross subnet browsing and name resolution >>>> across >>>> an openvpn tunnel. i've found quite a few people who've had the same >>>> on >>>> mail lists but none of their fixes have worked. The spec of the >>>> setups at >>>> both ends of the tunnel are as follows: >>> "remote announce = 192.168.2.255/NEWDOM >>> 192.168.1.255/NEWDOM >>> remote browse sync = 192.168.1.255 192.168.2.255" >>> >>> This looks odd to me. 
>>> >>> remote announce = <wins server ip>/<DOMNAME> >>> remote browse sync = <wins server ip> >>> >>> NEEDED in both smb.conf >>> >>> wins server = <wins server ip> >>> >>> Can't remember default for this setting sooooo >>> >>> enhanced browsing = Yes >>> >>> in both smb.conf >>> >>> >>> DHCP should point clients to headoffice for WINS. WINS proxy is not >>> useful. >>>> >>>> >>>> >>>> OS - CentOS 5.5 >>>> Samba Version 3.5.4 >>>> OpenVPN Version 2.0.9-1 >>>> >>>> Each server is configured in gateway mode with two NICS, one to the >>>> lan >>>> and the other to a modem/router. The first machine, HEADOFFICE, has an >>>> internal IP address of >>>> 192.168.0.1 and an external of 192.168.10.4. The second machine, >>>> REMOTE1, >>>> has an internal address of 192.168.1.254 and an external of >>>> 192.168.20.4. >>>> >>>> On openVPN, I have configured client to client and routes and iroutes >>>> to >>>> allow machines on each network to ping machines at the other end as >>>> well >>>> as the server IP's. >>>> So far so good and I can ping any machine on either subnet from >>>> anywhere >>>> and get a reply. The servers are configured as Samba servers with the >>>> HEADOFFICE machine working as a PDC, DMC and WINS server and the >>>> REMOTE1 >>>> machine configured as a BDC and WINS proxy. In order to >>>> maintain >>>> logon >>>> facilities in the event of broadband failure, >>>> I have replicated the LDAP server from HEADOFFICE to REMOTE1 and >>>> updates >>>> and password changes propogate successfully from one site to the >>>> other. >>>> >>>> If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it >>>> works >>>> perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet >>>> fails on name resolution while >>>> entering \\192.168.1.254\ brings up Windows Explorer and a list of >>>> shares. 
>>>> >>>> I've included the remote browse entries in smb.conf on the PDC and >>>> have >>>> WINS Proxying set up on the BDC but I can't get it to push REMOTE1's >>>> IP >>>> back to the WINS server. >>>> Port scanning the internal IP of each machine from the oher end of the >>>> tunnel returns a full set of open ports for the services I'm using >>>> but no >>>> IP. >>>> >>>> If anyone can spot what I'm doing wrong I'd be grateful. >>>> >>>> Thanks. >>>> >>>> ################ smb.conf - HEADOFFICE ################ >>>> ### Included 2nd subnet for second remote site in browse sync >>>> >>>> [ global] >>>> workgroup = NEWDOM >>>> netbios name = HEADOFFICE >>>> security = user >>>> enable privileges = yes >>>> interfaces = 192.168.0.1 127.0.0.1 >>>> # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 >>>> 194.168.2.0/255.255.255.0 127.0.0.1 >>>> remote announce = 192.168.2.255/NEWDOM >>>> 192.168.1.255/NEWDOM >>>> remote browse sync = 192.168.1.255 192.168.2.255 >>>> wins support = yes >>>> name resolve order = wins hosts bcast >>>> username map = /etc/samba/smbusers >>>> server string = Samba Server %v >>>> encrypt passwords = Yes >>>> ldap ssl = no >>>> unix password sync = yes >>>> ldap passwd sync = no >>>> passwd program = /usr/sbin/smbldap-passwd -u "%u" >>>> passwd chat = "Changing *\nNew password*" %n\n >>>> "*Retype new >>>> password*" %n\n" >>>> >>>> # public = yes >>>> # browseable = yes >>>> # lm announce = yes >>>> # browse list = yes >>>> # auto services = yes >>>> >>>> log level = 3 >>>> syslog = 0 >>>> log file = /var/log/samba/log.%U >>>> max log size = 100000 >>>> time server = Yes >>>> socket options = TCP_NODELAY SO_RCVBUF=8192 >>>> SO_SNDBUF=8192 >>>> mangling method = hash2 >>>> Dos charset = 850 >>>> Unix charset = ISO8859-1 >>>> >>>> local master = Yes >>>> domain logons = Yes >>>> domain master = Yes >>>> os level = 65 >>>> preferred master = Yes >>>> wins support = yes >>>> >>>> passdb backend = ldapsam:ldap://127.0.0.1 >>>> 
ldap admin dn = cn=Manager,dc=newdom,dc=ldm >>>> ldap suffix = dc=newdom,dc=ldm >>>> ldap group suffix = ou=Groups >>>> ldap user suffix = ou=Users >>>> ldap machine suffix = ou=Computers >>>> ldap idmap suffix = ou=Idmap >>>> >>>> add user script = /usr/sbin/smbldap-useradd -m >>>> "%u" >>>> ldap delete dn = Yes >>>> delete user script = /usr/sbin/smbldap-userdel >>>> "%u" >>>> add machine script = /usr/sbin/smbldap-useradd -t >>>> 0 -w "%u" >>>> add group script = /usr/sbin/smbldap-groupadd -p >>>> "%g" >>>> #delete group script = /usr/sbin/smbldap-groupdel >>>> "%g" >>>> add user to group script = >>>> /usr/sbin/smbldap-groupmod -m >>>> "%u" "%g" >>>> delete user from group script = >>>> /usr/sbin/smbldap-groupmod >>>> -x "%u" >>>> "%g" >>>> set primary group script = >>>> /usr/sbin/smbldap-usermod -g >>>> '%g' '%u' >>>> >>>> [shared] >>>> comment = shared directory >>>> path = /dat >>>> browseable = yes >>>> read only = no >>>> create mask = 0660 >>>> directory mask = 0770 >>>> >>>> >>>> ############ smb.conf - REMOTE1 ############################# >>>> >>>> [global] >>>> workgroup = NEWDOM >>>> netbios name = REMOTE1 >>>> security = user >>>> enable privileges = yes >>>> interfaces = 192.168.1.254 127.0.0.1 >>>> # hosts allow = 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24 >>>> 10.8.0.0/24 127.0.0.1 >>>> wins server = 192.168.0.1 >>>> wins proxy = yes >>>> username map = /etc/samba/smbusers >>>> name resolve order = wins bcast hosts >>>> server string = Samba Server %v >>>> encrypt passwords = Yes >>>> ldap ssl = no >>>> unix password sync = yes >>>> ldap passwd sync = no >>>> passwd program = /usr/sbin/smbldap-passwd -u "%u" >>>> passwd chat = "Changing *\nNew password*" %n\n >>>> "*Retype new >>>> password*" %n\n" >>>> >>>> log level = 0 >>>> syslog = 0 >>>> log file = /var/log/samba/log.%U >>>> max log size = 100000 >>>> time server = Yes >>>> socket options = TCP_NODELAY SO_RCVBUF=8192 >>>> SO_SNDBUF=8192 >>>> mangling method = hash2 >>>> Dos charset = 850 
>>>> Unix charset = ISO8859-1 >>>> >>>> local master = Yes >>>> domain logons = Yes >>>> domain master = no >>>> os level = 40 >>>> preferred master = no >>>> >>>> passdb backend = ldapsam:ldap://127.0.0.1 >>>> ldap admin dn = cn=Manager,dc=newdom,dc=ldm >>>> ldap suffix = dc=newdom,dc=ldm >>>> ldap group suffix = ou=Groups >>>> ldap user suffix = ou=Users >>>> ldap machine suffix = ou=Computers >>>> ldap idmap suffix = ou=Idmap >>>> >>>> add user script = /usr/sbin/smbldap-useradd -m >>>> "%u" >>>> ldap delete dn = Yes >>>> delete user script = /usr/sbin/smbldap-userdel >>>> "%u" >>>> add machine script = /usr/sbin/smbldap-useradd -t >>>> 0 -w "%u" >>>> add group script = /usr/sbin/smbldap-groupadd -p >>>> "%g" >>>> delete group script = /usr/sbin/smbldap-groupdel >>>> "%g" >>>> add user to group script = >>>> /usr/sbin/smbldap-groupmod -m >>>> "%u" "%g" >>>> delete user from group script = >>>> /usr/sbin/smbldap-groupmod >>>> -x "%u" >>>> "%g" >>>> set primary group script = >>>> /usr/sbin/smbldap-usermod -g >>>> '%g' '%u' >>>> >>>> [test] >>>> comment = test share >>>> path = /test >>>> browseable = yes >>>> >>>> >>>> -- >>>> To unsubscribe from this list go to the following URL and read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>> >> > > > -- > Best Regards > > MfG Robert Schetterer > > Germany/Munich/Bavaria > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba