Samba share not accessible from a VPN client

Prev: How can I change the order of init scripts?
Next: Help new Debian user

From: Javier Barroso on 7 Jun 2010 15:30

---

On Mon, Jun 7, 2010 at 9:11 PM, Javier Barroso <javibarroso(a)gmail.com>wrote:

> Hi,
>
> On Mon, Jun 7, 2010 at 7:36 PM, H.S. <hs.samix(a)gmail.com> wrote:
>
>> On 07/06/10 01:04 PM, Márcio Luciano Donada wrote:
>> > Em 7/6/2010 13:54, H.S. escreveu:
>> >> Consider a LAN with a Debian machine as a router. The Debian machine
>> >> has three interfaces, eth0, eth1 and wlan0. The interface for VPN is
>> tun0.
>> >> ,----------.
>> >> ppp0 <------eth1 eth0--192.168.0.0/24--->to LAN switch
>> >> | wlan0--192.168.5.0/24---> WLAN
>> >> | tun0--172.16.15.0/24---> VPN
>> >> |__________|
>> >>
>> >> |
>> >> Router, Samba and VPN server machine
>> >>
>> >>
>> >> Now, I have generated the certificates and keys for the VPN server
>> >> for various client.
>> >>
>> >
>> > Protocol CIFS not roteable. Please read on DNS or wins server (degraded)
>> > for solution.
>>
>> Sorry, I don't think I understand. Could you explain a bit more what I
>> am looking for?
>>
>> With a VPN connection established on the wireless machine as a client, I
>> can connect my samba share on the server through its LAN ip address
>> (192.168.0.1) but not by using VPN gateway address (172.16.15.1). The
>> latter try gives "connection refused" if I try to do it using "sudo
>> smbmount //172.16.15.1/share /path/to/mountpoint -o user=gues"
>>
> Did you check "hosts allow" parameter from smb.conf in your server ?
>
> I'm not sure if it can works, so please tell us if you get this working :)
>
It works for me !, but my mount command was telling me about host was down
....

Regards,

From: H.S. on 7 Jun 2010 15:40

---

On 07/06/10 03:28 PM, H.S. wrote:
> On 07/06/10 03:11 PM, Javier Barroso wrote:
>> Hi,
>> Did you check "hosts allow" parameter from smb.conf in your server ?
>>
>> I'm not sure if it can works, so please tell us if you get this working :)
>>
>> Regards,
>>
>
> I didn't have that in smb.conf file at all. I have included the
> following lines in it and restarted samba:
> hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24
> hosts deny = 0.0.0.0/0
>
> So no client from the wireless LAN (192.168.5.0/24) is allowed, and only
> from the wired LAN and VPN are allowed.
>
> I see a samba log file for the VPN client from which I am trying to
> access the shared folder. Here are the last few lines(the log has lines
> from earlier today as well which say similar stuff as below):
> [2010/06/07 13:58:21, 1] smbd/service.c:1063(make_connection_snum)
> 172.16.15.22 (172.16.15.22) connect to service SharedFolder initially
> as user nobody (uid=65534, gid=65534) (pid 8948)
> [2010/06/07 13:58:46, 1] smbd/service.c:1240(close_cnum)
> 172.16.15.22 (172.16.15.22) closed connection to service SharedFolder
>
>
> Does this give any further clues?
>
>

Sorry, I misinterpreted those log lines. They are from a couple of hours
old. For some reason, I am not getting any logs named after VPN client's
IP now but I am still getting a connection refused on the VPN client if
I try to smbmount the samba share.



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/hujhg0$g6p$2(a)dough.gmane.org

From: H.S. on 7 Jun 2010 16:00

---

On 07/06/10 03:32 PM, H.S. wrote:
> On 07/06/10 03:28 PM, H.S. wrote:
>> On 07/06/10 03:11 PM, Javier Barroso wrote:
>>> Hi,
>>> Did you check "hosts allow" parameter from smb.conf in your server ?
>>>
>>> I'm not sure if it can works, so please tell us if you get this working :)
>>>
>>> Regards,
>>>
>>
>> I didn't have that in smb.conf file at all. I have included the
>> following lines in it and restarted samba:
>> hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24
>> hosts deny = 0.0.0.0/0
>>
>> So no client from the wireless LAN (192.168.5.0/24) is allowed, and only
>> from the wired LAN and VPN are allowed.
>>
>> I see a samba log file for the VPN client from which I am trying to
>> access the shared folder. Here are the last few lines(the log has lines
>> from earlier today as well which say similar stuff as below):
>> [2010/06/07 13:58:21, 1] smbd/service.c:1063(make_connection_snum)
>> 172.16.15.22 (172.16.15.22) connect to service SharedFolder initially
>> as user nobody (uid=65534, gid=65534) (pid 8948)
>> [2010/06/07 13:58:46, 1] smbd/service.c:1240(close_cnum)
>> 172.16.15.22 (172.16.15.22) closed connection to service SharedFolder
>>
>>
>> Does this give any further clues?

A little success. I commented out the following option from smb.conf and
now I can connect to the share from a VPN client:
; interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.5.0/24


However, I can not only use "sudo smbmount ..." command to access the
samba share. The Network browser from Gnome still does not show the
share while a VPN client. The VPN client is a laptop running Ubuntu Karmic.


--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/hujimk$m3h$1(a)dough.gmane.org

From: H.S. on 7 Jun 2010 16:10

---

On 07/06/10 03:52 PM, H.S. wrote:
>
> A little success. I commented out the following option from smb.conf and
> now I can connect to the share from a VPN client:
> ; interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.5.0/24
>
>
> However, I can not only use "sudo smbmount ..." command to access the

.... "I can noW only use ...". Sorry for the typo.


> samba share. The Network browser from Gnome still does not show the
> share while a VPN client. The VPN client is a laptop running Ubuntu Karmic.
>
>


--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/hujitm$mqd$1(a)dough.gmane.org

From: Javier Barroso on 7 Jun 2010 16:30

---

On Mon, Jun 7, 2010 at 9:52 PM, H.S. <hs.samix(a)gmail.com> wrote:

> On 07/06/10 03:32 PM, H.S. wrote:
> > On 07/06/10 03:28 PM, H.S. wrote:
> >> On 07/06/10 03:11 PM, Javier Barroso wrote:
> >>> Hi,
> >>> Did you check "hosts allow" parameter from smb.conf in your server ?
> >>>
> >>> I'm not sure if it can works, so please tell us if you get this working
> :)
> >>>
> >>> Regards,
> >>>
> >>
> >> I didn't have that in smb.conf file at all. I have included the
> >> following lines in it and restarted samba:
> >> hosts allow = 127.0.0.1 192.168.0.0/24 172.16.15.0/24
> >> hosts deny = 0.0.0.0/0
> >>
> >> So no client from the wireless LAN (192.168.5.0/24) is allowed, and
> only
> >> from the wired LAN and VPN are allowed.
> >>
> >> I see a samba log file for the VPN client from which I am trying to
> >> access the shared folder. Here are the last few lines(the log has lines
> >> from earlier today as well which say similar stuff as below):
> >> [2010/06/07 13:58:21, 1] smbd/service.c:1063(make_connection_snum)
> >> 172.16.15.22 (172.16.15.22) connect to service SharedFolder initially
> >> as user nobody (uid=65534, gid=65534) (pid 8948)
> >> [2010/06/07 13:58:46, 1] smbd/service.c:1240(close_cnum)
> >> 172.16.15.22 (172.16.15.22) closed connection to service SharedFolder
> >>
> >>
> >> Does this give any further clues?
>
> A little success. I commented out the following option from smb.conf and
> now I can connect to the share from a VPN client:
> ; interfaces = 127.0.0.0/8 172.16.15.0/24 192.168.5.0/24
>
>
> However, I can not only use "sudo smbmount ..." command to access the
> samba share. The Network browser from Gnome still does not show the
> share while a VPN client. The VPN client is a laptop running Ubuntu Karmic.
>

You may need to have 2 servers to do it (one replicating network map from
master). Read in samba howto:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2585378

Regards,

First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: How can I change the order of init scripts?
Next: Help new Debian user