[Samba] Access denied to samba server from win7 64bit behind a VPN

Vincent Malien admin at socofer.com
Fri May 13 09:04:40 MDT 2011 

  it's a site-to-site VPN
Sorry, my colleague on the other site just shut-down & gone. I'll test 
monday, but I think you mean "net view \\IP_ADDRESS_OF_SERVER".
Le 13/05/2011 16:33, Gaiseric Vandal a écrit :
> Is this a client-to-site or site-to-site VPN?
>
> Does "new view \\IP_ADDRESS_OF_SERVER" work?
>
> I have one samba server (compiled from source) where Windows VPN 
> clients can't access it by name UNLESS using either WINS ior an 
> lmhosts file is configured.   packet sniffing showed the client 
> connecting and an initial response, but then the nothing else.   
> Clearly not a problem with the clients which could  access every other 
> samba or windows server over the VPN.     Some Win machines were 
> domain members, some weren't.
>
>
>
> On 05/13/2011 10:00 AM, Vincent Malien wrote:
>>  Hi,
>>
>> I have a problem of Access denied to samba server from win7 64bit 
>> behind a VPN.
>> the samba server is 3.2.5-4 release on a debian lenny (I will upgrade 
>> it soon), member of a win2K AD domain.
>> the win7 PCs are on the same AD domain, they can access to an other 
>> samba server witch is very similar (same release, same smb.conf, same 
>> VPN config).
>> If I do on a win7 PC: net view \\srvlinux
>> I see:
>> L'erreur système 5 s'est produite.
>> Accès refusé.
>> on srvlinux, in /var/log/samba/log.PCname, I see:
>> [2011/05/13 11:26:34,  0] lib/util_sock.c:read_socket_with_timeout(939)
>> [2011/05/13 11:26:34,  0] lib/util_sock.c:get_peer_addr_internal(1683)
>>   getpeername failed. Error was Noeud final de transport n'est pas 
>> connecté
>>   read_socket_with_timeout: client 0.0.0.0 read error = Connexion 
>> ré-initialisée par le correspondant.
>> I think this timeout is because of  the VPN link, but it's the same 
>> log on the other samba server witch I can access.
>> I tried to un-join & join server & PC to the domain, but it didn't 
>> solved.  I also tried with several windows user who can access 
>> srvlinux from other PCs on the two sides of the VPN.
>> Any help is welcome .
>> Vincent MALIEN
>>
>> this is my smb.conf:
>> [global]
>>    workgroup = SOCOFER
>>    server string = %h server web interne et FTP (Samba %v)
>> ;   wins server = w.x.y.z
>>    dns proxy = no
>> ;   name resolve order = lmhosts host wins bcast
>> ;   interfaces = 127.0.0.0/8 eth0
>> ;   bind interfaces only = yes
>>    dos charset = cp850
>>    unix charset = ISO-8859-1
>>    log file = /var/log/samba/log.%m
>>    max log size = 1000
>>    syslog = 0
>>    panic action = /usr/share/samba/panic-action %d
>>    security = ADS
>>    realm = SOCOFER.DOM
>>    password server = 192.168.5.44
>>    client use spnego = yes
>>    encrypt passwords = true
>>    passdb backend = tdbsam
>>    obey pam restrictions = yes
>>    unix password sync = yes
>>    passwd program = /usr/bin/passwd %u
>>    passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>    pam password change = yes
>> ;   domain logons = yes
>> ;   logon path = \\%N\profiles\%U
>> ;   logon drive = H:
>> ;   logon script = logon.cmd
>> ; add user script = /usr/sbin/adduser --quiet --disabled-password 
>> --gecos "" %u
>> ; add machine script  = /usr/sbin/useradd -g machines -c "%u machine 
>> account" -d /var/lib/samba -s /bin/false %u
>> ; add group script = /usr/sbin/addgroup --force-badname %g
>> ;   printing = bsd
>> ;   printcap name = /etc/printcap
>> ;   printing = cups
>> ;   printcap name = cups
>> ;   include = /home/samba/etc/smb.conf.%m
>> ;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm 
>> %s' &
>>    winbind separator = +
>>    idmap uid = 10000-20000
>>    idmap gid = 10000-20000
>>    template homedir = /home/%D/%U
>>    template shell = /bin/bash
>>    winbind enum groups = yes
>>    winbind enum users = yes
>>    usershare max shares = 100
>>    winbind use default domain = yes
>> # empêche le client de devenir maitre explorateur
>>    domain master = no
>>    local master = no
>>    preferred master = no
>>    os level = 0
>> [homes]
>>    comment = Home Directories
>>    browseable = yes
>>    writable = yes
>>    create mask = 0777
>>    directory mask = 0777
>>    valid users = %S
>

More information about the samba mailing list