Topic: Please, help! I´m stuck, cant reach documents thru VPN

[Lars]

Please, help me!

I have asked this question before, but unfortunately no one seems to be able to answer.

I´m getting a little desperate... working temporarely in Norway with my own network in Sweden. VPN works fine, except that I can´t reach the documents in my own password protected W2k desktop behind my e-smith 4.1.2 server! I have the same ID and password in my e-smith as in my desktop, but it still tells me I´m not authorized. I reach all shared folders, as the "Documents and settings" folder, but the only users that allow me access are the ones that have no passwords (a general "guest" on the desktop). Of course I shouldn´t be able to see the other users profiles and documents, but shouldn´t I be able to see my own??

Why doesn´t my e-smith e-smith supply the password to
the desktop in my network?

I´d really appreciate some assistance here.

Regards
Lars

[Patrick Basile]

Lars,

I just did some experimenting on my own VPN setup, and found that you are correct.  I get the same error message 'Access Denied' when I attempt to access folders in, for example - the 'documents and settings/pbasile' folder on the remote Win2k system.

This is weird, especially since I mapped a local drive here to the remote \192.168.1.78\c$ as the remote machine's local admininistrator user, ie 'bentcreek1\admin' - with the admin password.  So I should have TOTAL access to that remote machine.  Hmmm, this is VERY curious.  Seems like a Samba issue perhaps?

Just as an FYI, I am running SME V5 at my remote site with Samba 2.2.2, and the remote desktop is Win2k (+SP2).  Here I am running Win2k (+SP2).

Hope more folks chime in and give us some ideas or thoughts.

Regards,
Patrick

[Lars]

Thank you for your reply. I´m glad that you verified the problem, as I am a Linux beginner but more of a Windows veteran (that´s the reason I don´t use a Windows server...). I thought I had missed something in the e-smith setup, but reading through the e-smith manual I don´t see network passwords mentioned at all in the VPN section.

I have administrator rights on the desktop computer too, but that doesn´t help much, as you mention.

Regards
Lars

[Terry Brummell]

This is just a shot in the dark, but are you logged on to the LOCAL machine you are using the VPN connection from as the same user/password as the W2K machine on the far end lan?  Windows (W2K at the far end) won't use the credentials supplied by Samba for authentication but will rather use the credentials supplied by the logged in user of the LOCAL machine, unless of course you map a drive to the far end machine and use "connect as" and supply the far end machine's user/password.  I wish I had all the hardware needed to test this for you, but I seem to be 1 pc short. Any donations?  hehehe

Terry

Lars wrote:
>
> Thank you for your reply. I´m glad that you verified the
> problem, as I am a Linux beginner but more of a Windows
> veteran (that´s the reason I don´t use a Windows server...).
> I thought I had missed something in the e-smith setup, but
> reading through the e-smith manual I don´t see network
> passwords mentioned at all in the VPN section.
>
> I have administrator rights on the desktop computer too, but
> that doesn´t help much, as you mention.
>
> Regards
> Lars

[Lars]

Wow! Terry, you made my day! I created my user ID and password in the old W98 computer I´m provided with outside my own network, and it works perfectly.

Isn´t this procedure a little too rigorous, though? I mean, it should be possible to reach my profile on site with one login, not two... what if I need to access my documents from a computer that lacks my own user profile?

Anyway, I´m extremely grateful to you, Terry! Thanks again.

Regards
Lars

[Patrick Basile]

Gentlemen,

In my earlier post I did what Terry suggests, and that didn't work.  To test this again, I ran the experiment per Terry's 2nd suggestion of mapping the drive (which is what I did the first time, but heck - doing it again is ok) as the REMOTE machine's local admin account.

Terry Brummell wrote:
> Windows (W2K at the far end) won't use the credentials
> supplied by Samba for authentication but will rather use the
> credentials supplied by the logged in user of the LOCAL
> machine, unless of course you map a drive to the far end
> machine and use "connect as" and supply the far end machine's
> user/password.

I again opened up my VPN to my remote SME V5 server from my Win2k machine here.  I then mapped the S: drive to \192.168.1.78\c$ using the remote machine's(192.168.1.78 = bentcreek002) local admin account - 'bentcreek002\administrator', and the admin password.  The S: drive maps fine, no errors or problems.  Theoretically, as far as that remote machine is concerned, I am logged into it with local admin rights.  But when I try to access and subfolders I get the "Access denied" message.

Something doesn't jive here.  Mapping the drive as the REMOTE machine's local admin user doesn't appear to give the access rights you would normally have if you were running under a native NT4/Win2k domain - which would give you total access to the C: drive.

This must have something to do with Samba - yes/no?  Are there any Samba gurus monitoring this post....your tips/ideas/thoughts would be interesting.  Or am I just missing something?

Regards,
Patrick

[Lars]

I´m getting lost here guys (mapping drives and so forth), too much Linux rookie (the kind of guy e-smith was intended for...). Terrys suggestion works fine for me: I log into the machine abroad with my username and password, then I log into my e-smith server over VPN, which gives me free access to the documents in my private user profile in my own LAN at home.

Regards
Lars

[Terry Brummell]

Patrick, the next thing you need to look at is on your 2K machine that you are trying to access over the VPN, is it using NTFS file system?  If it is you need to make sure you allow access to the share there.  When you use NTFS you have two levels of access to files, local and over the lan, and with NTFS you can set seperate access restrictions for each method for a user.  IE: read/write when accessing locally but read only (or No Access <----by default I think) when accessing over the lan.  Again, I didn't use NTFS on my 2K machine, so I cannot test this theory as well, but from what you are describing this could be the issue.
Hope it helps.

Terry

Patrick Basile wrote:
>
> Gentlemen,
>
> In my earlier post I did what Terry suggests, and that didn't
> work.  To test this again, I ran the experiment per Terry's
> 2nd suggestion of mapping the drive (which is what I did the
> first time, but heck - doing it again is ok) as the REMOTE
> machine's local admin account.
>
> Terry Brummell wrote:
> > Windows (W2K at the far end) won't use the credentials
> > supplied by Samba for authentication but will rather use the
> > credentials supplied by the logged in user of the LOCAL
> > machine, unless of course you map a drive to the far end
> > machine and use "connect as" and supply the far end machine's
> > user/password.
>
> I again opened up my VPN to my remote SME V5 server from my
> Win2k machine here.  I then mapped the S: drive to
> \192.168.1.78\c$ using the remote machine's(192.168.1.78 =
> bentcreek002) local admin account -
> 'bentcreek002\administrator', and the admin password.  The S:
> drive maps fine, no errors or problems.  Theoretically, as
> far as that remote machine is concerned, I am logged into it
> with local admin rights.  But when I try to access and
> subfolders I get the "Access denied" message.
>
> Something doesn't jive here.  Mapping the drive as the REMOTE
> machine's local admin user doesn't appear to give the access
> rights you would normally have if you were running under a
> native NT4/Win2k domain - which would give you total access
> to the C: drive.
>
> This must have something to do with Samba - yes/no?  Are
> there any Samba gurus monitoring this post....your
> tips/ideas/thoughts would be interesting.  Or am I just
> missing something?
>
> Regards,
> Patrick