Topic: VPN & WINS

[Kelvin]

Hi all,

This is an old problem but searching the forums did not turn up a working solution.

Here's the scenario.

External clients VPN into the LAN through SME 5.1.2 configured as Domain master for the LAN.

External clients shows the DNS and WINS servers as the SME 5.1.2 server (as expected). However, we cannot resolve any NetBIOS names on the external clients (ie. ping somepconlan fails because the clients cannot find somepconlan). Pinging the LAN PC's IP address works. This means we cannot map drives via Netbios names, etc. on the external clients. External WinXP/W2K clients can get around the problem by mapping via the IP address but this is also undesirable. External Win9x clients cannot do this. For reasons I cannot go into, setting IP addresses in local LMHOSTS files of the external clients to get around the problem is totally out of the question.

Setting WINS server to another WINS server on the LAN (a W2K Server) works with a delay prior to resolving the name. But not all installations will have a local W2K server to delegate WINS to and thus would like to get WINS to work as required on the SME server.

I have tried setting the LMHOSTS and hosts files on the SME server but that only seems to help the SME server itself resolve names not remote clients (playing with name resolve order in smb.conf made absolutely no difference).

Is there a way to enter static WINS entries (like in W2K server) under SME ? Like I said I've tried putting them into lmhosts and hosts and that made no difference to the VPN Clients. Does this functionality even work at all under SME as I know it does work properly with a M$ server.

Kelvin

[Boris]

try to add those LAN hosts with shares into "hostnames and addresses" via server-manager.

[iwan]

just adding entries in LAN hosts into "hostnames and addresses" is not enough.  though you can use this in a way for entering "static" wins entries.

just today i got to play with this very setting, here are what i found out so far that "works"

1.  with the stock sme 5.1.2
- i need to add the wins address and the dns address of sme on the pptp tcp/ip settings.  for some reason when adding just wins address, it cause the pptp to unable getting the dns address automatically.  the default setting will set the address and dns, but no wins.
- modify /etc/samba/smb.conf     make sure the followings are true
  "dns proxy = yes"
  "name resolve order = wins lmhosts hosts bcast"
  "wins support = yes"
- add LAN hosts into "hostnames and addresses" in server-manager
- restart samba.   /etc/rc.d/init.d/smb restart
note: everytime you add hosts, you need to restart samba.

2. with upgraded samba to samba 2.2.5-4
- modify /etc/samba/smb.conf     make sure the followings are true
  "dns proxy = yes"
  "name resolve order = wins lmhosts hosts bcast"
  "wins support = yes"
- add static addresses (servers) to "hostnames and addresses" in server-manager
- it just works so far..  and no need to restrart samba.
- pptp will get the right settings ..  ip address, dns address, and wins address

above are true on my side using win2k as client.   haven't tested on win9x client at the moment, but i don't expect to be any different.
i am no way an expert, only a beginner on linux.  i got a hint on this from http://slugarchives.nks.net/List/slug.archive.0108/0805.html
so i can't answer any technical questions on sme or samba.  i should also mention that making the template for the changes would be a good idea.  

hope this help,
iwan

[Kelvin]

Thanks Iwan and Boris for your responses.

However, I failed to mention in my original post that I already have put in the entries via hostnames and addresses without "proper" working results - I'll qualify that below.

By the way Iwan, on a stock SME 5.1.2 server, if you configured the server as a Domain Master, you should find that the necessary WINS settings should have been setup correctly for you already - you don't have to modify smb.conf by hand. That's why when you VPN in and check (on W2K, with IPCONFIG /all ), you will find that the PPP adapter will already have the SME server set as the DNS and WINS server as expected.

Also, if external client was setup for Domain networking with a domain name that matches the domain for the local host you setup via Hostnames and Addresses, then you can ping that NetBIOS name (because I think the system automatically appends the domain to the name). But if your workgroup or domain name for the external client does not match the domain name of the local host you created (like say you are VPNing in from another network or site), then pinging the NetBIOS name will not work. You could still ping the full DNS name (ie. pconthelan.thelandomain.com), but not just the NetBIOS name by itself (ie. you cannot just ping pconthelan).

Could anyone explain for the samba part of the SME server, are the lmhosts and hosts files only used by the SME server itself and not for helping clients resolve names or is it supposed to work for the clients as well ? As indicated in my original post, I found that setting the hosts file in SME helps SME itself resolve names but made no difference to the external clients unless I missed something.

Kelvin

[Oluf Nissen]

Hi Kelvin,

I don't know if this helps at all or is even relevant to your setup, but if you have a personal software firewall on the windows clients, it helps to add the subnet of the machines you want to access to the software firewall's local/trusted network. It helped me with getting a Win98 client to browse the SME machine. I have not tried accessing other machines on the remote LAN.

As far as LMHOSTS is concerned, that is a file used by clients to find their way around the network. Microsoft has several articles that talk about the file and netbios names. Check out Q180094, Q150800, Q163409 and Q180099 in the MS Knowledgebase.

-Oluf

[Kelvin]

Hi Oluf,

Thanks for your response.

> if you have a personal software firewall on the windows clients

Nope.


> LMHOSTS is concerned, that is a file used by clients to find their way around the network

I was actually referring to the LMHOST & hosts files on the SME server itself, not the windows clients (whose function is obvious). I wanted to know how SME and samba itself makes use of these files as the hosts file only seems to help SME itself resolve names but not VPN clients and the LMHOSTS files does not appear to do anything at all (client or SME).

Kelvin