[Sussex] Remote (Samba 3.0.x) Domain Access
Richie Jarvis
richie at helkit.com
Sun Jan 9 11:19:10 UTC 2005
paul Morriss wrote:
> Hi
> I have set up a Samba primary domain controller (TEST_DOMAIN) on my
> local network, I would like to allow remote computers across the
> internet to access the domain, can anyone make any suggestions on where
> to begin? Does it involve CHAP secrets and other stuff like it?
>
> Many thanks in advance
>
> Paul
> "Banging your head against the wall uses 120 calories an hour"
>
I would recommend OpenVPN for this - I have just set up remote access to
my work network using it, and it works great, even through 2 layers of
NAT! Below are the config files I used.

You can get OpenVPN from http://openvpn.sourceforge.net

To allow CIFS to work, you need to allow access from the tunnel in your
smb.conf file using the 'hosts allow' parameter - which, in my configs
shown below, is the 10.8.0.x subnet.

Definitely don't allow connections directly without encryption from
outside, as standard CIFS connections are un-encrypted.

Cheers,
Richie

Client side config file:

dev tun
remote xxx.xxx.xxx.xxx
auth-user-pass
client
ca certauthorityfile.crt
cert usercert.crt
key userkey.key
verb 1

Server Side config file:

dev tun0
server 10.8.0.0 255.255.255.0
port 1194
verb 4
dh diffeehellmanpem.pem
ca certauthorityfile.crt
cert servercert.crt
key serverkey.key # This file should be kept secret
crl-verify servercrllist.crl
push "route 192.168.0.0 255.255.255.0" # Your internal network
push "dhcp-option DNS 192.168.0.10" # Your internal DNS server 1
push "dhcp-option DNS 192.168.0.7" # Your internal DNS server 2
push "dhcp-option WINS 192.168.0.7" # Your internal WINS server (Samba server)
push "ping-restart"
# This authenticates the users against the login service
plugin /etc/openvpn/modules/openvpn-auth-pam.so login
keepalive 10 30
status /var/log/openvpn-status.log
log /var/log/openvpn.log
daemon
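
An added example, not part of the original post: a small check that the [global] 'hosts allow' line in smb.conf admits only the OpenVPN tunnel subnet, the internal network and loopback. The function names and the sample smb.conf are constructed for illustration, and treating 192.168.0.0/24 as trusted is an assumption based on the pushed route.

```python
import ipaddress

# Subnets taken from the server config above; treating the LAN as trusted is an assumption.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("10.8.0.0/24",      # OpenVPN tunnel ("server 10.8.0.0 255.255.255.0")
            "192.168.0.0/24",   # internal network (the pushed route)
            "127.0.0.0/8")]     # loopback

def global_param(text, names):
    """Return the last value of any of `names` in [global], or None."""
    section, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if " ".join(key.lower().split()) in names:
                value = val.strip()
    return value

def entry_to_network(entry):
    """Map one entry (address, addr/mask, or Samba prefix like '10.8.0.') to a network."""
    try:
        if entry.endswith("."):
            octets = entry[:-1].split(".")
            entry = ".".join(octets + ["0"] * (4 - len(octets))) + f"/{8 * len(octets)}"
        return ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None  # hostname, netgroup, ALL, EXCEPT ...

def audit_hosts_allow(smb_conf_text):
    """Return findings for the [global] host ACL; an empty list means tunnel/LAN only."""
    value = global_param(smb_conf_text, ("hosts allow", "allow hosts"))
    if value is None:
        return ["no 'hosts allow' in [global]: the default is to allow all hosts"]
    findings = []
    for entry in value.replace(",", " ").split():
        net = entry_to_network(entry)
        if net is None:
            findings.append(f"cannot verify non-address entry: {entry}")
        elif not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            findings.append(f"reaches beyond tunnel/LAN: {entry}")
    return findings

# Constructed sample, not the poster's smb.conf
SAMPLE = "[global]\nworkgroup = TEST_DOMAIN\nhosts allow = 10.8.0. 192.168.0. 127.\n"
print(audit_hosts_allow(SAMPLE))
```

The check covers only [global]; a share section can carry its own 'hosts allow' line and would need the same review.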