[Samba] Access denied to samba server from win7 64bit behind a VPN
Vincent Malien
admin at socofer.com
Mon May 16 06:37:38 MDT 2011
this morning, I added entries to the files lmhosts.sam and hosts for
this server and access is allowed now.
thanks for your help.
Le 13/05/2011 17:04, Vincent Malien a écrit :
> it's a site-to-site VPN
> Sorry, my colleague on the other site just shut-down & gone. I'll test
> monday, but I think you mean "net view \\IP_ADDRESS_OF_SERVER".
> Le 13/05/2011 16:33, Gaiseric Vandal a écrit :
>> Is this a client-to-site or site-to-site VPN?
>>
>> Does "new view \\IP_ADDRESS_OF_SERVER" work?
>>
>> I have one samba server (compiled from source) where Windows VPN
>> clients can't access it by name UNLESS using either WINS ior an
>> lmhosts file is configured. packet sniffing showed the client
>> connecting and an initial response, but then the nothing else.
>> Clearly not a problem with the clients which could access every
>> other samba or windows server over the VPN. Some Win machines
>> were domain members, some weren't.
>>
>>
>>
>> On 05/13/2011 10:00 AM, Vincent Malien wrote:
>>> Hi,
>>>
>>> I have a problem of Access denied to samba server from win7 64bit
>>> behind a VPN.
>>> the samba server is 3.2.5-4 release on a debian lenny (I will
>>> upgrade it soon), member of a win2K AD domain.
>>> the win7 PCs are on the same AD domain, they can access to an other
>>> samba server witch is very similar (same release, same smb.conf,
>>> same VPN config).
>>> If I do on a win7 PC: net view \\srvlinux
>>> I see:
>>> L'erreur système 5 s'est produite.
>>> Accès refusé.
>>> on srvlinux, in /var/log/samba/log.PCname, I see:
>>> [2011/05/13 11:26:34, 0] lib/util_sock.c:read_socket_with_timeout(939)
>>> [2011/05/13 11:26:34, 0] lib/util_sock.c:get_peer_addr_internal(1683)
>>> getpeername failed. Error was Noeud final de transport n'est pas
>>> connecté
>>> read_socket_with_timeout: client 0.0.0.0 read error = Connexion
>>> ré-initialisée par le correspondant.
>>> I think this timeout is because of the VPN link, but it's the same
>>> log on the other samba server witch I can access.
>>> I tried to un-join & join server & PC to the domain, but it didn't
>>> solved. I also tried with several windows user who can access
>>> srvlinux from other PCs on the two sides of the VPN.
>>> Any help is welcome .
>>> Vincent MALIEN
>>>
>>> this is my smb.conf:
>>> [global]
>>> workgroup = SOCOFER
>>> server string = %h server web interne et FTP (Samba %v)
>>> ; wins server = w.x.y.z
>>> dns proxy = no
>>> ; name resolve order = lmhosts host wins bcast
>>> ; interfaces = 127.0.0.0/8 eth0
>>> ; bind interfaces only = yes
>>> dos charset = cp850
>>> unix charset = ISO-8859-1
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> syslog = 0
>>> panic action = /usr/share/samba/panic-action %d
>>> security = ADS
>>> realm = SOCOFER.DOM
>>> password server = 192.168.5.44
>>> client use spnego = yes
>>> encrypt passwords = true
>>> passdb backend = tdbsam
>>> obey pam restrictions = yes
>>> unix password sync = yes
>>> passwd program = /usr/bin/passwd %u
>>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>> pam password change = yes
>>> ; domain logons = yes
>>> ; logon path = \\%N\profiles\%U
>>> ; logon drive = H:
>>> ; logon script = logon.cmd
>>> ; add user script = /usr/sbin/adduser --quiet --disabled-password
>>> --gecos "" %u
>>> ; add machine script = /usr/sbin/useradd -g machines -c "%u machine
>>> account" -d /var/lib/samba -s /bin/false %u
>>> ; add group script = /usr/sbin/addgroup --force-badname %g
>>> ; printing = bsd
>>> ; printcap name = /etc/printcap
>>> ; printing = cups
>>> ; printcap name = cups
>>> ; include = /home/samba/etc/smb.conf.%m
>>> ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm
>>> %s' &
>>> winbind separator = +
>>> idmap uid = 10000-20000
>>> idmap gid = 10000-20000
>>> template homedir = /home/%D/%U
>>> template shell = /bin/bash
>>> winbind enum groups = yes
>>> winbind enum users = yes
>>> usershare max shares = 100
>>> winbind use default domain = yes
>>> # empêche le client de devenir maitre explorateur
>>> domain master = no
>>> local master = no
>>> preferred master = no
>>> os level = 0
>>> [homes]
>>> comment = Home Directories
>>> browseable = yes
>>> writable = yes
>>> create mask = 0777
>>> directory mask = 0777
>>> valid users = %S
>>
>
More information about the samba
mailing list