Unable to access samba shares through VPN

NethServer 7.7.1908
samba, openvpn

Hello,
After searching for some time, I have not found an answer to my question.
My Samba server under AD seems to refuse connections to the shared folders through an OpenVPN VPN.
I have put the network (10.10.10.0, mask 255.255.255.0) in the trusted networks.
What else can I do?
Thanks in advance

Sorry, I don't know French. Can you rewrite it in English?

NethServer 7.7.1908
samba, openvpn
OK, I will try with Google Translate. I do not have access to Samba (AD) shared folders when I am in VPN (OpenVPN).
I tried to put the 10.10.10.0 network in a trusted network. Nothing changes.
Thank you

Which error do you receive? Did you scrub the log looking for messages?

Message: connection refused

Samba log:
[2020/10/29 11:56:53.921907, 0] …/source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name INFO2G<20> from IP 10.10.10.6 on subnet UNICAST_SUBNET.
[2020/10/29 11:56:53.921993, 0] …/source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2020/10/29 11:56:54.024839, 0] …/source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name INFO2G<00> from IP 10.10.10.6 on subnet UNICAST_SUBNET.
[2020/10/29 11:56:54.024938, 0] …/source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2020/10/29 12:04:53.774755, 0] …/source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name AMERICAN<00> from IP 10.10.10.6 on subnet UNICAST_SUBNET.
[2020/10/29 12:04:53.774857, 0] …/source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2020/10/29 12:04:53.792716, 0] …/source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name INFO2G<20> from IP 10.10.10.6 on subnet UNICAST_SUBNET.
[2020/10/29 12:04:53.792795, 0] …/source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server
[2020/10/29 12:04:53.810311, 0] …/source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name INFO2G<00> from IP 10.10.10.6 on subnet UNICAST_SUBNET.
[2020/10/29 12:04:53.810390, 0] …/source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server

According to the log, the firewall seems innocent in this rush.
Unless there could be specific (so added by the admin) firewall rules, including NATs, that may cause an issue…

Hello, I just put the port of OpenVPN 1192 back on my router firewall. It didn’t change anything.

Here is the log of nmbd:
[2020/10/29 13:23:32.677724, 0] …/source3/nmbd/nmbd_incomingrequests.c:172(process_name_refresh_request)
process_name_refresh_request: unicast name registration request received for name INFO2G<00> from IP 10.10.10.6 on subnet UNICAST_SUBNET.
[2020/10/29 13:23:32.677778, 0] …/source3/nmbd/nmbd_incomingrequests.c:173(process_name_refresh_request)
Error - should be sent to WINS server

Hello,
looks like a missing parameter.
Did you try to set up the options in Server Manager? Menu Gateway -> OpenVPN roadwarrior -> menu Advanced: fill the WINS and DNS sections with correct parameters.
Let me know if it works
BB

Of which parameter?
My server has the IP 192.168.1.5. Do I have to put the same in the WINS DHCP server?

If you’re using Samba DC you should put as WINS server the container’s IP, not the server IP.

What do you mean by “container IP”?

If you’re not using LDAP as account provider, you have 2 IP Addresses in your server.
The first is the actual ip, the one you set into network configuration (Green interface)
The second is the IP of the container, which is the “effective” account provider of the server, used via LDAP from NethServer.
https://docs.nethserver.org/en/v7/accounts.html#samba-active-directory-local-provider-installation
which firewall may not be so much “permissive” to VPN subnet.

The container is called NSDC in this forum.

Maybe this topic could help you.

Where are your
AD server
DHCP server
DNS server
WINS server?
Are you looking for Samba shares with name or with IP address?

Sorry for the delay in response, I was on the move.
For my server IP address is 192.168.1.5
my AD 192.168.1.4
My DHCP server 192.168.1.210
DNS server: 127.0.0.1 and 217.237.150.188 (FAI)
Wins ?

I access my shared files by the IP address: \\192.168.1.5\
Login: user@domain.local

the user must be: DOMAIN\user

Then the password.

I have already tried it but the result is the same.

Other than the Samba shares access problem, does the VPN connection work as expected?

Sorry to return to the subject.
My problem is still not resolved.
I can access the samba files which are opened as a guest.
The others don’t.
My ip server is 192.168.1.5
it is not configured as a gateway.
My ad server is 192.168.1.4

my vpn ip is 10.10.10.2 when I am connected
My gateway 192.168.1.210 (router cisco)
I’m lost.

@n.gerteis

Hi

You will need a route on your Cisco for the 10.10.10.0/24 network, pointing to the NethServer providing OpenVPN…

Reason:

Example: you VPN in and try to access, e.g., your AD.
The AD will send the packets back - but to the Cisco, as that’s your default gateway.
Those get thrown away, as they’re not allowed on the Internet.

You can also add a route on all your other servers, like the AD, but it’s easier doing it once, on your Cisco Firewall!

My 2 cents
Andy
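
The return-path problem described in the reply above, modelled as an added example (not code from the thread or from NethServer): a longest-prefix-match walk over the routing tables of the three hosts named in the thread. The routing tables are assumptions reconstructed from the addresses posted; the labels `direct`, `tunnel`, `internet` and `dropped` are hypothetical.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next_hop) entries."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build_tables(cisco_has_vpn_route):
    """Assumed tables for the hosts in the thread (addresses from the posts)."""
    lan = ("192.168.1.0/24", "direct")
    tables = {
        # NethServer: terminates OpenVPN, so it owns the 10.10.10.0/24 tunnel route
        "192.168.1.5": [lan, ("10.10.10.0/24", "tunnel"),
                        ("0.0.0.0/0", "192.168.1.210")],
        # AD (NSDC container): only knows the LAN and the default gateway
        "192.168.1.4": [lan, ("0.0.0.0/0", "192.168.1.210")],
        # Cisco router: default route to the ISP (assumption)
        "192.168.1.210": [lan, ("0.0.0.0/0", "internet")],
    }
    if cisco_has_vpn_route:
        # The static route suggested in the reply: VPN subnet via the NethServer
        tables["192.168.1.210"].append(("10.10.10.0/24", "192.168.1.5"))
    return tables

def reply_path(tables, src, dst, max_hops=8):
    """Follow a reply packet from src towards dst, hop by hop."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop in ("tunnel", "direct"):
            return path + [dst]          # delivered
        if hop is None or hop == "internet" or hop not in tables:
            return path + ["dropped"]    # private address leaves via the ISP
        path.append(hop)
        node = hop
    return path + ["dropped"]

if __name__ == "__main__":
    vpn_client = "10.10.10.2"
    for fixed in (False, True):
        t = build_tables(fixed)
        for host in ("192.168.1.5", "192.168.1.4"):
            print(fixed, " -> ".join(reply_path(t, host, vpn_client)))
```

In this model, replies from 192.168.1.5 reach the VPN client either way, while replies from 192.168.1.4 only arrive once the router has the 10.10.10.0/24 route.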