
Samba and VPN



be1001
30.05.07, 00:38
Hello,

here's my problem:

I have two Samba servers running. On a SuSE 7.3 box a Samba 2.2.1 (172.29.174.29) and on a SuSE 9.3 box a Samba version 3 (172.29.170.12).

On the network everything works great: I can find the servers via Explorer and the directories are shown. So I have set up several permanent network drive mappings. All fine.

Now my problem.

I have set up VPN access via my ZyWALL so that I can also reach data on the network from outside. On the network the laptop works fine.
Now the strange part: I can access the Samba version 3 server over the VPN, but not the Samba version 2 server.

As a test I tried whether I can reach both machines over the VPN with Webmin, and that works.

Where else can I look? In the Samba global settings I found nothing that I could have forgotten.

Who can help or knows a solution?????

Thanks
Christian
:cool:

MiGo
01.06.07, 09:35
And what do the Samba 2 logs say when you try to access it that way?

bla!zilla
01.06.07, 20:31
Please post the smb.conf here. Thanks.

be1001
02.06.07, 11:33
Hello,

thanks for the help. :o

Server 1, Samba version 3.01313, access over VPN works

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2007/06/01 21:18:13

# Global parameters
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = CDO
realm =
netbios name = APACHE
netbios aliases =
netbios scope =
server string = Apacheserver
interfaces =
bind interfaces only = No
security = SHARE
auth methods =
encrypt passwords = Yes
update encrypted = Yes
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
hosts equiv =
min password length = 5
map to guest = Bad User
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = smbpasswd
algorithmic rid base = 1000
root directory =
guest account = nobody
enable privileges = No
pam password change = No
passwd program =
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script =
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
use kerberos keytab = No
log level = 0
syslog = 1
syslog only = No
log file =
max log size = 5000
debug timestamp = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
acl compatibility =
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins host bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = auto
client use spnego = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
kernel change notify = Yes
lpq cache time = 30
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 10000
socket options = TCP_NODELAY
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 0
printcap name =
cups server =
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
stat cache = Yes
machine password timeout = 604800
add user script =
delete user script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
shutdown script =
abort shutdown script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = No
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = Yes
wins hook =
wins partners =
kernel oplocks = No
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap admin dn =
ldap delete dn = No
ldap filter = (uid=%u)
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap passwd sync = no
ldap replication sleep = 1000
ldap suffix =
ldap ssl = no
ldap timeout = 15
ldap user suffix =
add share command =
change share command =
delete share command =
config file =
preload =
lock directory = /var/lib/samba
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
get quota command =
set quota command =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
afs username map =
afs token lifetime = 604800
log nt token command =
time offset = 0
NIS homedir = No
panic action =
host msdfs = No
enable rid algorithm = Yes
idmap backend =
idmap uid =
idmap gid =
template primary group = nobody
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 300
winbind enable local accounts = No
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = No
comment =
path =
username =
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
allocation roundup size = 1048576
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
printing = lprng
cups options =
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
lppause command = lpc hold '%p' %j
lpresume command = lpc release '%p' %j
queuepause command = lpc stop '%p'
queueresume command = lpc start '%p'
printer name =
use client driver = No
default devmode = No
force printername = No
default case = lower
case sensitive = Auto
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
store dos attributes = No
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Yes
share modes = Yes
copy =
include =
preexec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =

[apache]
comment = Apache
path = /christian/Apache
username = cbeilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
inherit acls = Yes
case sensitive = No
msdfs proxy = no

[linuxprogramme]
comment = Linuxprogramme
path = /christian/Linuxprogramme
username = cbeilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
inherit acls = Yes

[movie]
comment = Movie
path = /christian/Movie
username = movie
read only = No
create mask = 0777
force create mode = 0777
inherit acls = Yes
only user = Yes

[FTP-Server]
comment = FTP-Server
path = /christian/FTP-Server/
username = cbeilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777

[Christian]
comment = Christian
path = /christian/Christian
username = movie
read only = No
create mask = 0777
force create mode = 0777
only user = Yes

[Solarlog400]
comment = Solarlog400
path = /home/solarlog
username = cbeilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
inherit permissions = Yes
inherit acls = Yes
case sensitive = No
msdfs proxy = no

[FacilityServer]
path = /christian/FacilityServer/
username = FacilityServer
read only = No
create mask = 0777
directory mask = 0777
guest ok = Yes
only user = Yes
case sensitive = No
msdfs proxy = no


Server 2, Samba version 2.21, access over VPN does not work

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2007/06/01 21:19:58

# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/share/samba/codepages
workgroup = CDO
netbios name = SAMBASERVER
netbios aliases =
netbios scope =
server string = Samba 2.2.1a
interfaces =
bind interfaces only = No
security = SHARE
encrypt passwords = Yes
update encrypted = Yes
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Bad User
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
log level = 0
syslog = 1
syslog only = No
log file =
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt acl support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
stat cache size = 50
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
character set = ISO8859-15
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = Yes
wins hook =
kernel oplocks = No
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/lib/samba
pid dir = /var/run/samba
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
comment =
path =
alternate permissions = Yes
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
max connections = 0
min print space = 0
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = lprng
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No

[Christian]
comment = Christian
path = /chris/Memory100GB/Christian
username = cbeilfuss
guest account =
force user = Christian Beilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
guest ok = Yes

[Software]
comment = Software Verzeichnis
path = /chris/Memory100GB/Software
username = cbeilfuss
guest account =
force user = Christian Beilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777

[DVD]
comment = Linux DVD-ROM
path = /media/dvd
read only = No
guest only = Yes
guest ok = Yes
locking = No

[edonkey]
comment = edonkey
path = /chris2/Memory120GB/edonkey
force user = Christian Beilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
guest only = Yes
guest ok = Yes

[SERVER.MET]
comment = SERVER.MET
path = /home/edonkey
read only = No
guest ok = Yes

[Angelika]
comment = Angelika
path = /chris/Memory100GB/Angelika
username = cbeilfuss
guest account =
force user = Angelika Witz
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777

[Movie]
comment = Movie
path = /chris2/Memory120GB/Movie
username = movie
guest account =
read only = No
create mask = 0777
force create mode = 0777
only user = Yes

[Filme]
comment = Filme
path = /chris2/Memory120GB/Filme
username = cbeilfuss
guest account =
force user = Christian Beilfuss
read only = No
create mask = 0777
force security mode = 0777
directory mask = 0777

[Backup]
comment = Backup
path = /chris/Memory100GB/Backup
username = cbeilfuss
guest account =
force user = Christian Beilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777

[Lederberg]
comment = Lederberg
path = /chris/Memory100GB/Lederberg
username = cbeilfuss
guest account =
force user = Christian Beulfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777

[Faxserver]
comment = Faxserver
path = /var/spool/fax/recvq
username = cbeilfuss
guest account =
force user = Christian Beilfuss
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777

I created the printouts with SWAT.

Christian ;)

bla!zilla
03.06.07, 13:03
Very tedious to read. What error message do you actually get? What's in the Samba logs?

]tux[cHriz
03.06.07, 17:06
Couldn't you have packed in even more pointless variables that you don't need? *SCNR*

be1001
03.06.07, 22:13
Hello,

attached is an excerpt from my log.

The last entry was produced when I log in to the Samba server from the LAN; from the VPN I don't even get that far....

P.S.: I have a fixed IP 217. ................. . Do I have to enter or allow it somewhere when I come in over the VPN?



compaq_p500:/var/log/samba # tail -f log.smbd
[2007/06/03 21:11:58, 0] smbd/password.c:authorise_login(909)
authorise_login: Invalid guest account ??
[2007/06/03 21:33:02, 0] smbd/nttrans.c:call_nt_transact_ioctl(1798)
call_nt_transact_ioctl: Currently not implemented.
[2007/06/03 21:36:14, 0] lib/util_sock.c:read_socket_data(478)
read_socket_data: recv failure for 4. Error = No route to host
[2007/06/03 21:54:29, 0] smbd/nttrans.c:call_nt_transact_ioctl(1798)
call_nt_transact_ioctl: Currently not implemented.
[2007/06/03 21:58:01, 0] lib/util_sock.c:read_socket_data(478)
read_socket_data: recv failure for 4. Error = No route to host
[2007/06/03 22:02:07, 0] smbd/nttrans.c:call_nt_transact_ioctl(1798)
call_nt_transact_ioctl: Currently not implemented.

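Samba 2.2 writes each log record as two lines: a header with timestamp, debug level and source location, then the message. The following is an added Python helper (not from the thread and not part of Samba) that pairs those lines and tallies the records by kind; the sample input is a constructed copy of the log.smbd excerpt above. "No route to host" in read_socket_data is the OS socket error EHOSTUNREACH, i.e. a network-layer symptom, whereas the authorise_login message comes from Samba's own authentication path.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the log.smbd excerpt posted in the thread (Samba indents
# the message line with two spaces; the parser accepts it with or without them).
SAMPLE_LOG = """\
[2007/06/03 21:11:58, 0] smbd/password.c:authorise_login(909)
  authorise_login: Invalid guest account ??
[2007/06/03 21:33:02, 0] smbd/nttrans.c:call_nt_transact_ioctl(1798)
  call_nt_transact_ioctl: Currently not implemented.
[2007/06/03 21:36:14, 0] lib/util_sock.c:read_socket_data(478)
  read_socket_data: recv failure for 4. Error = No route to host
[2007/06/03 21:54:29, 0] smbd/nttrans.c:call_nt_transact_ioctl(1798)
  call_nt_transact_ioctl: Currently not implemented.
"""

# Header line: "[YYYY/MM/DD HH:MM:SS, level] file:function(line)"
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\d+)\] "
    r"(?P<file>[\w./-]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

@dataclass
class Entry:
    when: datetime
    level: int
    source: str      # "file:function(line)" as printed by Samba
    message: str

def parse_samba_log(text):
    """Pair every header line with the message line(s) that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER_RE.match(raw)
        if m:
            current = Entry(
                when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                level=int(m["level"]),
                source=f'{m["file"]}:{m["func"]}({m["line"]})',
                message="",
            )
            entries.append(current)
        elif current is not None and raw.strip():
            # Continuation line: append to the message of the last header.
            current.message = (current.message + " " + raw.strip()).strip()
    return entries

# Coarse classes, first match wins. "network" points at routing or firewall
# problems outside Samba; "auth" at the guest/user setup in smb.conf.
CLASSES = (
    ("network", re.compile(r"No route to host|recv failure|Connection reset")),
    ("auth", re.compile(r"Invalid guest account|password", re.I)),
    ("unimplemented", re.compile(r"not implemented", re.I)),
)

def classify(entry):
    for name, pattern in CLASSES:
        if pattern.search(entry.message):
            return name
    return "other"

def summarize(text):
    """Return a Counter of class -> number of log records."""
    return Counter(classify(e) for e in parse_samba_log(text))

if __name__ == "__main__":
    for cls, n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{cls:14s} {n}")
```

Run it against a real file with `summarize(open("/var/log/samba/log.smbd").read())`; a climbing "network" count while clients connect is the signal that the problem is between the VPN and the server, not in smb.conf.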
]tux[cHriz
04.06.07, 06:50
Check the routing from the Samba server to the client that comes in over the VPN...

be1001
04.06.07, 13:26
Hello,

the client the VPN comes from is the gateway.
I have a ZyWALL 35, which is the gateway to the Internet and the VPN server.

Christian

MiGo
06.06.07, 09:06
the client the VPN comes from is the gateway.
I have a ZyWALL 35, which is the gateway to the Internet and the VPN server.

And is the return route to the VPN also configured on the Samba server? Data probably arrives at the Samba server, but it can't send a reply back...

be1001
06.06.07, 21:49
Where do I have to enter that????

I'm slowly losing track!!!!!!!

bla!zilla
07.06.07, 12:05
The Samba server needs a route telling it how to reach the client in the VPN network. So you have to set up a route on the server with which the server can reach the clients, or the client, with the ZyWALL as gateway.

be1001
08.06.07, 13:01
Hello,

I tried to narrow the problem down further and noticed the following.

Just for fun I used my old Windows 2000 desktop for a new test; with it everything works. I can access both Samba servers over the VPN, so it can't be the routing.

Back to my Windows XP laptop.

When I connect my external ISDN Internet account to my network via VPN, I take the following path:

Laptop Windows XP ->
ISDN Internet provider IP: 212.xxx.xxx.xxx -->
Connection via VPN client to my ZyWALL 35, external IP 217.xxx.xxx.xxx

ZyWALL 35: internal LAN 172.29.174.xxx
DMZ 172.29.170.12

By ping I can reach all machines from the laptop (over VPN); the Samba server I only reach in the range 172.29.170.xx.
When I use the "search for computers" function in Windows Explorer, machines in the range 172.29.170.xx are found, machines in the range 172.29.174.xxx are not.

The ZyWALL 35 settings must be right, since from the Windows 2000 machine (over VPN) all functions work.

Somewhere in Windows XP lies the problem; I have already disabled the firewall, that doesn't help. Where else can I look?????????

MiGo
13.06.07, 09:41
Just for fun I used my old Windows 2000 desktop for a new test; with it everything works.
And how did you connect to the VPN with it? Also via ISDN?

The ZyWALL 35 settings must be right, since from the Windows 2000 machine (over VPN) all functions work.
Not necessarily. Dial into the VPN (if you haven't already) really from outside (-> ISDN) with the Win2K machine. Does it still work then?

be1001
15.06.07, 10:29
Hello,

I do dial in from outside via ISDN; with the Windows 2000 PC everything works, with the Windows XP it doesn't.

Something in Windows XP must be enabled.

But where????????

MiGo
18.06.07, 07:26
Something in Windows XP must be enabled.
It might be down to the Windows XP firewall: when a VPN connection is set up, a different "network device" is used/created for it.
Have you looked at the firewall settings of that new network device?