[Sussex] Remote (Samba 3.0.x) Domain Access
paul Morriss
paul.morriss at tokenbay.co.uk
Sun Jan 9 11:23:10 UTC 2005
Richie
Would the remote machine be part of the domain? The firewall that we
will be going through is Smoothwall Express 2. Should I expect any
issues?
Many thanks
Paul
Richie Jarvis wrote:
> paul Morriss wrote:
>
>> Hi
>> I have set up a Samba primary domain controller (TEST_DOMAIN) on my
>> local network. I would like to allow remote computers across the
>> internet to access the domain. Can anyone make any suggestions on
>> where to begin? Does it involve CHAP secrets and other stuff like it?
>>
>> Many thanks in advance
>>
>> Paul
>> "Banging your head against the wall uses 120 calories an hour"
>>
>> _______________________________________________
>> Sussex mailing list
>> Sussex at mailman.lug.org.uk
>> http://mailman.lug.org.uk/mailman/listinfo/sussex
>>
>>
> I would recommend OpenVPN for this - I have just set up remote access to
> my work network using it, and it works great, even through 2 layers of
> NAT! Below are the config files I used.
>
> You can get OpenVPN from http://openvpn.sourceforge.net
>
> To allow CIFS to work, you need to allow access from the tunnel in your
> smb.conf file using the 'hosts allow' parameter - which, in my configs
> shown below is the 10.8.0.x subnet.
>
> Definitely don't allow connections directly without encryption from
> outside, as standard CIFS connections are unencrypted.
>
> Cheers,
>
> Richie
>
> Client side config file:
> dev tun
> remote xxx.xxx.xxx.xxx
> auth-user-pass
> client
> ca certauthorityfile.crt
> cert usercert.crt
> key userkey.key
> verb 1
>
> Server Side config file:
> dev tun0
> server 10.8.0.0 255.255.255.0
> port 1194
> verb 4
> dh diffeehellmanpem.pem
> ca certauthorityfile.crt
> cert servercert.crt
> key serverkey.key # This file should be kept secret
> crl-verify servercrllist.crl
> push "route 192.168.0.0 255.255.255.0" # Your internal network
> push "dhcp-option DNS 192.168.0.10" # Your internal DNS server 1
> push "dhcp-option DNS 192.168.0.7" # Your internal DNS server 2
> push "dhcp-option WINS 192.168.0.7" # Your internal WINS server (Samba server)
> push "ping-restart"
> plugin /etc/openvpn/modules/openvpn-auth-pam.so login # This authenticates the users against the login service
> keepalive 10 30
> status /var/log/openvpn-status.log
> log /var/log/openvpn.log
> daemon
>
--
Registered Linux user : 376901
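
Added example, not part of the original thread: a Python check that a Samba 'hosts allow' line admits the OpenVPN tunnel subnet (10.8.0.0/24 in the configs above) without admitting anything beyond loopback and the internal 192.168.0.0/24 network. The smb.conf fragment, the trusted-range list and the function names are constructed for illustration, and EXCEPT clauses are not evaluated.

```python
import ipaddress

# Constructed smb.conf fragment (not from the thread); subnets match the configs above.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = TEST_DOMAIN
   hosts allow = 127. 192.168.0. 10.8.0.0/255.255.255.0
   hosts deny = 0.0.0.0/0
"""

# Assumption: only loopback, the internal LAN and the VPN tunnel should reach Samba.
TRUSTED = [ipaddress.IPv4Network(n)
           for n in ("127.0.0.0/8", "192.168.0.0/24", "10.8.0.0/24")]


def to_network(token):
    """Map one 'hosts allow' token to an IPv4Network; None for host names."""
    try:
        if token.endswith("."):  # Samba prefix form, e.g. "10.8.0."
            octets = token.rstrip(".").split(".")
            padded = ".".join(octets + ["0"] * (4 - len(octets)))
            return ipaddress.IPv4Network(f"{padded}/{8 * len(octets)}")
        return ipaddress.IPv4Network(token, strict=False)  # IP, CIDR or IP/netmask
    except ValueError:
        return None


def audit_hosts_allow(conf_text, tunnel="10.8.0.0/24"):
    """Return (tunnel_allowed, offending_tokens) for the last 'hosts allow' line.

    tunnel_allowed is True only when a token explicitly covers the tunnel subnet.
    """
    tokens = None
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in ("hosts allow", "allow hosts"):
            tokens = value.replace(",", " ").split()
    if tokens is None:
        # No allow list: access is not limited to the trusted ranges.
        return False, ["<hosts allow not set>"]
    if "EXCEPT" in tokens:  # exclusions are not evaluated in this sketch
        tokens = tokens[:tokens.index("EXCEPT")]
    tunnel_net = ipaddress.IPv4Network(tunnel)
    tunnel_allowed, offending = False, []
    for token in tokens:
        net = to_network(token)
        if net is None or not any(net.subnet_of(t) for t in TRUSTED):
            offending.append(token)  # host name, or wider than the trusted ranges
        if net is not None and tunnel_net.subnet_of(net):
            tunnel_allowed = True
    return tunnel_allowed, offending
```

An empty offending list together with tunnel_allowed set to True means VPN clients can reach the shares and no wider range has been let in alongside them.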