[Samba] Access denied to samba server from win7 64bit behind a VPN
Vincent Malien
admin at socofer.com
Fri May 13 09:04:40 MDT 2011
it's a site-to-site VPN
Sorry, my colleague on the other site just shut-down & gone. I'll test
monday, but I think you mean "net view \\IP_ADDRESS_OF_SERVER".
Le 13/05/2011 16:33, Gaiseric Vandal a écrit :
> Is this a client-to-site or site-to-site VPN?
>
> Does "new view \\IP_ADDRESS_OF_SERVER" work?
>
> I have one samba server (compiled from source) where Windows VPN
> clients can't access it by name UNLESS using either WINS ior an
> lmhosts file is configured. packet sniffing showed the client
> connecting and an initial response, but then the nothing else.
> Clearly not a problem with the clients which could access every other
> samba or windows server over the VPN. Some Win machines were
> domain members, some weren't.
>
>
>
> On 05/13/2011 10:00 AM, Vincent Malien wrote:
>> Hi,
>>
>> I have a problem of Access denied to samba server from win7 64bit
>> behind a VPN.
>> the samba server is 3.2.5-4 release on a debian lenny (I will upgrade
>> it soon), member of a win2K AD domain.
>> the win7 PCs are on the same AD domain, they can access to an other
>> samba server witch is very similar (same release, same smb.conf, same
>> VPN config).
>> If I do on a win7 PC: net view \\srvlinux
>> I see:
>> L'erreur système 5 s'est produite.
>> Accès refusé.
>> on srvlinux, in /var/log/samba/log.PCname, I see:
>> [2011/05/13 11:26:34, 0] lib/util_sock.c:read_socket_with_timeout(939)
>> [2011/05/13 11:26:34, 0] lib/util_sock.c:get_peer_addr_internal(1683)
>> getpeername failed. Error was Noeud final de transport n'est pas
>> connecté
>> read_socket_with_timeout: client 0.0.0.0 read error = Connexion
>> ré-initialisée par le correspondant.
>> I think this timeout is because of the VPN link, but it's the same
>> log on the other samba server witch I can access.
>> I tried to un-join & join server & PC to the domain, but it didn't
>> solved. I also tried with several windows user who can access
>> srvlinux from other PCs on the two sides of the VPN.
>> Any help is welcome .
>> Vincent MALIEN
>>
>> this is my smb.conf:
>> [global]
>> workgroup = SOCOFER
>> server string = %h server web interne et FTP (Samba %v)
>> ; wins server = w.x.y.z
>> dns proxy = no
>> ; name resolve order = lmhosts host wins bcast
>> ; interfaces = 127.0.0.0/8 eth0
>> ; bind interfaces only = yes
>> dos charset = cp850
>> unix charset = ISO-8859-1
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> syslog = 0
>> panic action = /usr/share/samba/panic-action %d
>> security = ADS
>> realm = SOCOFER.DOM
>> password server = 192.168.5.44
>> client use spnego = yes
>> encrypt passwords = true
>> passdb backend = tdbsam
>> obey pam restrictions = yes
>> unix password sync = yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> pam password change = yes
>> ; domain logons = yes
>> ; logon path = \\%N\profiles\%U
>> ; logon drive = H:
>> ; logon script = logon.cmd
>> ; add user script = /usr/sbin/adduser --quiet --disabled-password
>> --gecos "" %u
>> ; add machine script = /usr/sbin/useradd -g machines -c "%u machine
>> account" -d /var/lib/samba -s /bin/false %u
>> ; add group script = /usr/sbin/addgroup --force-badname %g
>> ; printing = bsd
>> ; printcap name = /etc/printcap
>> ; printing = cups
>> ; printcap name = cups
>> ; include = /home/samba/etc/smb.conf.%m
>> ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm
>> %s' &
>> winbind separator = +
>> idmap uid = 10000-20000
>> idmap gid = 10000-20000
>> template homedir = /home/%D/%U
>> template shell = /bin/bash
>> winbind enum groups = yes
>> winbind enum users = yes
>> usershare max shares = 100
>> winbind use default domain = yes
>> # empêche le client de devenir maitre explorateur
>> domain master = no
>> local master = no
>> preferred master = no
>> os level = 0
>> [homes]
>> comment = Home Directories
>> browseable = yes
>> writable = yes
>> create mask = 0777
>> directory mask = 0777
>> valid users = %S
>
More information about the samba
mailing list