LinuxQuestions.org
Old 09-01-2009, 12:24 PM   #1
chris71mach1
LQ Newbie
 
Registered: Apr 2005
Location: DFW
Distribution: Debian
Posts: 21

Rep: Reputation: 1
Off-base domain authentication over VPN problem


So I guess this is kind of a strange, and seemingly complicated, problem. I have a DMVPN (for argument's sake, let's just say it's a site-to-site, as the functionality seems the same so far) set up between 2 Cisco routers between our corp HQ and a branch office. As far as the VPN tunnel goes, everything seems to be working fantastic. Traffic flows fine in both directions; I can ssh, vnc, and seemingly use (almost) any protocol I need to from one side to the other.

On the HQ end of the VPN tunnel, we have a Samba domain controller set up on a Debian etch machine, with Samba handing out various network shares to the users. On the branch office end, we will have nothing but Windows users that need to log into this domain and map those shares to be able to function from one day to the next. Now the problem that we're having thus far is that the Windows clients on the branch end cannot even SEE the domain on the HQ end of the VPN tunnel, regardless of what I've tried thus far.

So far, I've tried to use an lmhosts file on the client machines to point them to the domain controller, to no avail; setting the IP of the domain controller in the client machine's DNS did nothing; and I even found this link: http://support.microsoft.com/kb/244474 that made me wonder if the issue could be caused by UDP packet fragmentation due to the VPN tunnel, but that registry hack didn't work either.

At this point, I'm kind of at the end of my rope wondering why in the world my clients can't see the domain at all from the other end of a VPN tunnel, when those same machines work just fine when they're on the local LAN. I'm open to suggestions folks, any help would be GREATLY appreciated.
 
Old 09-02-2009, 05:10 PM   #2
chris71mach1
LQ Newbie
 
Registered: Apr 2005
Location: DFW
Distribution: Debian
Posts: 21

Original Poster
Rep: Reputation: 1
Well, we finally nailed down the solution to this problem, and it seemed to be threefold. I'm going to go ahead and post the solution(s) here just in case anybody else has a similar problem and in hopes that this post may be helpful in the future.

(1) The smb.conf file on the domain controller needed the remote subnet added to allow clients on the remote end of the VPN tunnel to authenticate to the domain controller.

(2) Added port forwarding to the router on the remote end of the tunnel to forward NetBIOS traffic bound for the router (on the remote end) to the domain controller on the server (local) end of the tunnel.

(3) Removed the remote client from the domain and then re-joined the remote client to the domain, while the remote client has an IP from the remote end's DHCP server.

After fiddling with the remote client and rebooting the XP box a couple of times (yeah, we all know how the reset button on a Windows machine can be the universal "fix everything" button) we were finally able to get the remote client to not only authenticate to the domain, but also map the network share drives with full functionality.
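
An added illustration of step (1) in the post above, not the poster's actual configuration: the thread does not say which smb.conf parameter was changed, so this sketch assumes it was the `hosts allow` access list. The workgroup name and all addresses are constructed placeholders (HQ LAN 192.168.10.0/24, branch LAN 192.168.20.0/24).

```ini
# /etc/samba/smb.conf on the HQ domain controller (constructed example).
# Comments must sit on their own lines; smb.conf has no inline comments.
[global]
   workgroup = EXAMPLEDOM
   security = user
   domain logons = yes

   # Before: only loopback and the HQ LAN are on the allow-list, so smbd
   # drops connections from branch clients before they can authenticate.
;  hosts allow = 127. 192.168.10.0/255.255.255.0

   # After: the branch subnet behind the VPN is listed explicitly.
   # Extending the allow-list, rather than deleting it, keeps every
   # other network (including anything else routed over the tunnel)
   # locked out of the domain controller.
   hosts allow = 127. 192.168.10.0/255.255.255.0 192.168.20.0/255.255.255.0
   hosts deny = 0.0.0.0/0

# Check the result for one branch client without touching the client:
#   testparm /etc/samba/smb.conf branchpc 192.168.20.50
# testparm evaluates hosts allow / hosts deny for that name and address
# and reports whether the connection would be accepted.
```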
 
  

