Accessing Samba shares through VPN (long and weird)

From: Johpe (jp_at_data-tronic.se)
Date: 12/14/04

    Date: 14 Dec 2004 00:44:41 -0800
    
    

    Hello

    I really need help with this problem I've been trying to fix during the
    last week.

    The Setup:
    I have two different LANs that I have connected through VPN with two
    Netgear fvl328 boxes. One of the LANs with subnet 192.168.0.0/24 has a
    Slackware 10 Samba server set up as PDC on 192.168.0.2 (The Netgear VPN
    gateway is 192.168.0.1). The rest of the computers on this side are
    assigned IPs by the Netgear's DHCP in the 192.168.0.31-192.168.0.100
    range. The Samba server has one NIC and is attached to the Netgear's
    Ethernet hub.

    The other LAN is 192.168.10.0/24 and it contains only Windows XP Pro
    workstations. These workstations are also assigned IPs from their
    Netgear router, but in the 192.168.10.31-192.168.10.100 range.

    Both of the LANs belong to the same workgroup called "ACAMP".

    These two LANs are successfully connected over ADSL by VPN with each
    other through the fvl328 boxes in each end. I can ping each local
    computer on every side and also through the different subnets so the
    VPN tunnel is up and running.

    The Problem:
    Now to the problem: I cannot access the shares on the Samba server
    from the other side of the VPN. (By access I mean enter the folders and
    copy and write files to them.)

    I can browse and access the Samba shares from the Windows XP clients on
    the local LAN side (192.168.0.0/24). On the local side everything is
    normal: I see the Samba server in the network neighborhood in XP, I can
    browse the shares on the server and I can access the shares. When I try
    to browse the Samba server I'm prompted with the username and password
    which I supply and everything works perfectly.

    But from the other LAN side (192.168.10.0/24) I can NOT access the
    shares. Once again I see the Samba server, I can browse the shares but
    I can't access them. And the same goes on this side, when I browse the
    Samba server I have to give a samba username and password and then I'm
    allowed to see the shares. But when I try to access one of the shares
    (e.g. just open the shared folder) I get an error message in Win XP
    saying that the share might not be available and access is denied. But
    there are no strange error messages in the samba log files which is
    weird.

    So from what I can tell, since I can see the Samba shares, my WINS
    server on the Samba machine is set up correctly but there has to be
    something else that I've missed in Samba?? What can this be?

    The strange thing that leads me to believe that this has something to
    do with Samba is that I can access the folders that the Windows XP
    computers have shared through the VPN. For example I have no problems
    accessing a shared folder on a Win XP computer with IP 192.168.0.31
    from another Win XP computer through the VPN on the other LAN with IP
    192.168.10.31.

    I've really been trying to figure this out but haven't gotten it to
    work. Do I need to add some routing information on the Samba box? Or do
    I need to open Samba ports in the Netgears although everything runs
    through a VPN? Or is there some special subnet thingie I've been
    missing?

    Configs:
    Here come a few configs and outputs from my Slackware 10 Samba PDC.

    Smb.conf:
    [global]
        workgroup = ACAMP
        server string = ACAMP Samba Server
        netbios name = ACAMPLinux
        security = user
        hosts allow = 192.168.0. 192.168.10. 127.
        encrypt passwords = yes
        passdb backend = tdbsam
        interfaces = 192.168.0.2/24
        local master = yes
        os level = 40
        domain master = yes
        preferred master = yes
        domain logons = yes
        wins support = yes
        browse list = yes
        remote announce = 192.168.0.255/ACAMP 192.168.10.255/ACAMP
        name resolve order = wins lmhosts hosts bcast

    [homes]
        comment = Home Directories
        browseable = no
        writable = yes

    [admins]
        comment = Adminsprograms
        path = /home/admin
        public = yes
        writable = yes
        printable = no
        valid users = @users
        force create mode = 0775
        force directory mode = 0775

    Output of route:
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    localnet        *               255.255.255.0   U     0      0        0 eth0
    loopback        *               255.0.0.0       U     0      0        0 lo
    default         192.168.0.1     0.0.0.0         UG    1      0        0 eth0

    I hope I've supplied all information needed for some brave soul who
    doesn't mind reading a lot to help me.

    Sincerely
    Johannes Petersson
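
The "hosts allow" line in the posted smb.conf can be checked against addresses on both LANs. The following is an added example, not part of the original post and not Samba's own code: it uses a simplified model of host-list matching (trailing-dot prefixes, network/mask, single addresses, EXCEPT), and 192.168.1.5 is a constructed sample address.

```python
import ipaddress

# "hosts allow" value copied from the smb.conf in the post.
HOSTS_ALLOW = "192.168.0. 192.168.10. 127."

# Two addresses named in the post plus one constructed outside address.
SAMPLE_CLIENTS = ["192.168.0.31", "192.168.10.31", "192.168.1.5"]


def entry_matches(entry, client):
    """Match one list entry against a client IPv4 address (simplified model).

    Covers ALL, a dotted prefix ending in '.', network/mask and a single
    address. Hostnames and netgroups are out of scope for this sketch.
    """
    if entry.upper() == "ALL":
        return True
    if entry.endswith("."):
        # Compare whole octets so "192.168.10." does not match 192.168.100.x.
        want = entry.rstrip(".").split(".")
        return client.split(".")[:len(want)] == want
    if "/" in entry:
        net = ipaddress.IPv4Network(entry, strict=False)
        return ipaddress.IPv4Address(client) in net
    return ipaddress.IPv4Address(client) == ipaddress.IPv4Address(entry)


def allowed(hosts_allow, client):
    """True if the list admits the client; entries after EXCEPT are carved out."""
    tokens = hosts_allow.replace(",", " ").split()
    upper = [t.upper() for t in tokens]
    cut = upper.index("EXCEPT") if "EXCEPT" in upper else len(tokens)
    include, exclude = tokens[:cut], tokens[cut + 1:]
    if any(entry_matches(e, client) for e in exclude):
        return False
    return any(entry_matches(e, client) for e in include)


def check_clients(hosts_allow=HOSTS_ALLOW, clients=SAMPLE_CLIENTS):
    """Map each client address to the access-list decision."""
    return {c: allowed(hosts_allow, c) for c in clients}


if __name__ == "__main__":
    for client, ok in check_clients().items():
        print(f"{client:15} {'allowed' if ok else 'denied'}")
```

Under this model both 192.168.0.31 and 192.168.10.31 pass the list, so the access list in the posted configuration does not by itself exclude the remote LAN.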

