Samba share is on Ubuntu 8.04
Samba config is below:
# Name mangling options ; preserve case = yes ; short preserve case = yes # Most people will find that this option gives better performance. # See smb.conf(5) and /usr/share/doc/samba-doc/htmldocs/speed.html # for details # You may want to add the following on a Linux system: # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY #======================= Share Definitions ======================= [public] comment = Public Directory path = /home/public # inherit permissions = no # public = yes read only = no # writeable = yes # force create mode = 0775 # force directory mode = 6775 # force user = nobody # force group = users guest ok = yes guest only = yes
Out put from samba error log when I try to connect to the share over vpn:
[2011/04/07 15:01:23, 0] lib/access.c:check_access(327) Denied connection from (10.0.1.2) [2011/04/07 15:01:23, 1] smbd/process.c:process_smb(1062) Connection denied from 10.0.1.2 [2011/04/07 15:01:23, 0] lib/access.c:check_access(327) Denied connection from (10.0.1.2) [2011/04/07 15:01:23, 1] smbd/process.c:process_smb(1062) Connection denied from 10.0.1.2 [2011/04/07 15:01:31, 0] lib/access.c:check_access(327) Denied connection from (10.0.1.2) [2011/04/07 15:01:31, 1] smbd/process.c:process_smb(1062) Connection denied from 10.0.1.2
I'm trying to access this share on Windows 7.
If anyone request any other information I'll post here:
When connecting via VPN my ip will be 10.0.1.x
On site it would be 10.0.0.x
IPTABLES -L shows no rules set up
The error log is pretty clear :
I guess the VPN clients are not in the same subnet as the lan, and there is some kind of ACL on the samba server to deny request from clients that are not on your lan.
Edit:
looking at your other question regarding this issue, your lan appears to be in 10.0.0.0/24. The client is in 10.0.1.2(/24 ?). The network acl issue make sense.
Edit2:
This should be Samba access-lists, not iptables. If iptables were blocking, the packets would have been dropped and nothing appeared in the logs.
Edit3:
Try to add the following in your smb.conf :
and reload samba. This should allow networks 10.0.0.0/24 and 10.0.1.0/24 to access the shares.