[Samba] Access denied to samba server from win7 64bit behind a VPN

Vincent Malien admin at socofer.com
Mon May 16 06:37:38 MDT 2011 

  this morning, I added entries to the files lmhosts.sam and hosts for 
this server and access is allowed now.
thanks for your help.

Le 13/05/2011 17:04, Vincent Malien a écrit :
>  it's a site-to-site VPN
> Sorry, my colleague on the other site just shut-down & gone. I'll test 
> monday, but I think you mean "net view \\IP_ADDRESS_OF_SERVER".
> Le 13/05/2011 16:33, Gaiseric Vandal a écrit :
>> Is this a client-to-site or site-to-site VPN?
>>
>> Does "new view \\IP_ADDRESS_OF_SERVER" work?
>>
>> I have one samba server (compiled from source) where Windows VPN 
>> clients can't access it by name UNLESS using either WINS ior an 
>> lmhosts file is configured.   packet sniffing showed the client 
>> connecting and an initial response, but then the nothing else.   
>> Clearly not a problem with the clients which could  access every 
>> other samba or windows server over the VPN.     Some Win machines 
>> were domain members, some weren't.
>>
>>
>>
>> On 05/13/2011 10:00 AM, Vincent Malien wrote:
>>>  Hi,
>>>
>>> I have a problem of Access denied to samba server from win7 64bit 
>>> behind a VPN.
>>> the samba server is 3.2.5-4 release on a debian lenny (I will 
>>> upgrade it soon), member of a win2K AD domain.
>>> the win7 PCs are on the same AD domain, they can access to an other 
>>> samba server witch is very similar (same release, same smb.conf, 
>>> same VPN config).
>>> If I do on a win7 PC: net view \\srvlinux
>>> I see:
>>> L'erreur système 5 s'est produite.
>>> Accès refusé.
>>> on srvlinux, in /var/log/samba/log.PCname, I see:
>>> [2011/05/13 11:26:34,  0] lib/util_sock.c:read_socket_with_timeout(939)
>>> [2011/05/13 11:26:34,  0] lib/util_sock.c:get_peer_addr_internal(1683)
>>>   getpeername failed. Error was Noeud final de transport n'est pas 
>>> connecté
>>>   read_socket_with_timeout: client 0.0.0.0 read error = Connexion 
>>> ré-initialisée par le correspondant.
>>> I think this timeout is because of  the VPN link, but it's the same 
>>> log on the other samba server witch I can access.
>>> I tried to un-join & join server & PC to the domain, but it didn't 
>>> solved.  I also tried with several windows user who can access 
>>> srvlinux from other PCs on the two sides of the VPN.
>>> Any help is welcome .
>>> Vincent MALIEN
>>>
>>> this is my smb.conf:
>>> [global]
>>>    workgroup = SOCOFER
>>>    server string = %h server web interne et FTP (Samba %v)
>>> ;   wins server = w.x.y.z
>>>    dns proxy = no
>>> ;   name resolve order = lmhosts host wins bcast
>>> ;   interfaces = 127.0.0.0/8 eth0
>>> ;   bind interfaces only = yes
>>>    dos charset = cp850
>>>    unix charset = ISO-8859-1
>>>    log file = /var/log/samba/log.%m
>>>    max log size = 1000
>>>    syslog = 0
>>>    panic action = /usr/share/samba/panic-action %d
>>>    security = ADS
>>>    realm = SOCOFER.DOM
>>>    password server = 192.168.5.44
>>>    client use spnego = yes
>>>    encrypt passwords = true
>>>    passdb backend = tdbsam
>>>    obey pam restrictions = yes
>>>    unix password sync = yes
>>>    passwd program = /usr/bin/passwd %u
>>>    passwd chat = *Enter\snew\s*\spassword:* %n\n 
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>    pam password change = yes
>>> ;   domain logons = yes
>>> ;   logon path = \\%N\profiles\%U
>>> ;   logon drive = H:
>>> ;   logon script = logon.cmd
>>> ; add user script = /usr/sbin/adduser --quiet --disabled-password 
>>> --gecos "" %u
>>> ; add machine script  = /usr/sbin/useradd -g machines -c "%u machine 
>>> account" -d /var/lib/samba -s /bin/false %u
>>> ; add group script = /usr/sbin/addgroup --force-badname %g
>>> ;   printing = bsd
>>> ;   printcap name = /etc/printcap
>>> ;   printing = cups
>>> ;   printcap name = cups
>>> ;   include = /home/samba/etc/smb.conf.%m
>>> ;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm 
>>> %s' &
>>>    winbind separator = +
>>>    idmap uid = 10000-20000
>>>    idmap gid = 10000-20000
>>>    template homedir = /home/%D/%U
>>>    template shell = /bin/bash
>>>    winbind enum groups = yes
>>>    winbind enum users = yes
>>>    usershare max shares = 100
>>>    winbind use default domain = yes
>>> # empêche le client de devenir maitre explorateur
>>>    domain master = no
>>>    local master = no
>>>    preferred master = no
>>>    os level = 0
>>> [homes]
>>>    comment = Home Directories
>>>    browseable = yes
>>>    writable = yes
>>>    create mask = 0777
>>>    directory mask = 0777
>>>    valid users = %S
>>
>

More information about the samba mailing list