Topic: Cannot map drives or connect to Ibay

[alext]

I recently installed a fresh SME 7.5 server in Gateway mode and then installed all required updates.
Configuration went smoothly with the server configured as a domain controller handling roaming profiles.
I set up the PPTP settings to allow 6 clients via the Security Settings tab.
I created a user group.
I created users and allocated them to the user group and permitted VPN connections to those who needed it, (me included).
I created a test IBay and allowed READ/WRITE access to the group, access to the entire Internet (Password required outside local network) and execution of dynamic content ENABLED.

I installed the Shared Folders RPM from the SME repository and created a share, (testgbl), that was READ/WRITEABLE by the group.

I successfully created a VPN tunnel from outside the network, (using my login name for testing), and declaring my SME server domain name during the connection, (Windows XP standard VPN client).

I then attempted to map a drive from the Windows workstation using net use G: \\(sme local ip address)\testgbl

I entered my username and password as requested but then got:

   System error 53 has occurred.
   The network path was not found.

I then tried to map a drive via Window Explorer but it kept asking me my username password.

I triple-checked my password and all is OK, (VPN connects fine with the same username password).

I then tried to connect to the test IBay via FireFox and, again, I was constantly asked for my username/password.

So then I made sure of my connection by pinging the server's local IP address from my remotely connected, (via VPN), workstation. This was successful.
I then successfully connected to the server's "Server-Manager" from my remote workstation.

Mapping shares to drives works if I use a workstation within the local network.

Connections to other systems works fine from the same remote workstation.

Am I doing something wrong or did I miss something in my configuration?

Any help would be very welcome and I apologise if I am in the wrong forum...

Cheers,

Alex

[janet]

alext

At the remote site, do you log in to your Windows workstation ?
Windows passes the user login credentials to SME via the VPN connection, so if you have not logged into your workstation then you will be asked for your user credentials (which may be what is happening). These credentials will not match up as you may have not logged into Windows.

Access to ibays via browser with password enabled on the ibay, will ask you to provide login details, but these are the ibayname and the ibaypassword, NOT your username and password.

I do not use that shared folders contrib, I would remove it to see if it is interfering with normal ibay drive mapping via VPN connection (subject to abovementioned considerations).

The other point to note is that you seem to be logging in to the SME domain via VPN. Therefore access rights will be applied by SME server based on the user group membership, and whether the group owns access to the ibay ie ibay read write should be group1 and group1 and the user1 should be a member of group1.

[alext]

Hi Mary,
Thanks for the quick reply.

    At the remote site, do you log in to your Windows workstation ?

Yes, otherwise I would not be able to establish the VPN connection. (Can't run a windows programme without logging in).
In the MS VPN client I have ticked the box entitled  "Include Widows logon domain" in the options tab. This causes the additional "Domain" entry to be displayed on the VPN login dialogue window, (in addition to username and password). Here I enter the SME domain name which I would expect to be passed to the sme server along with the username and password for authentication.

   Access to ibays via browser with password enabled on the ibay...

Oh dear, I knew I had forgotten something...
Thank you. I have set up a password and can now access the Ibay remotely.

   I do not use that shared folders contrib,...

I use it because it gives much better control over access and access rights than using straight Ibays. I have users out in the field that need different classes of access rights to several shares. I may temporarily remove it to see the effect but I really need something like this.

   ...you seem to be logging in to the SME domain via VPN...

Yes I am by supplying the SME domain name/user name/password.
The Ibay is owned by the group which has READ/WRITE access

Once again, thanks for the help.

Cheers,
Alex

[janet]

alext

    At the remote site, do you log in to your Windows workstation ?

Yes, otherwise I would not be able to establish the VPN connection. (Can't run a windows programme without logging in).

Well not exactly what I meant.
I was referring to whether your workstation is configured to log in to Windows Networking and presents users with a user name and password login screen when you first start Windows. 
The alternative commonly used scenario is auto log in without needing to enter a user name and password, or where you have user switching enabled (as you do not log in to networking correctly in these latter situations).

[alext]

Yes, I log in to Windows using username and password. I never use Auto Log in as security is almost non-existant. I never employ user switching.

All users of my client use this method too; most travel and need to connect via VPN to the server. They also connect to other servers via VPN, (i.e different domains, usernames and passwords).

Cheers,
Alex

[janet]

alext

Yes, I log in to Windows using username and password......

OK then, is the username they log in to Windows with, the same as the username on SME server ?

[alext]

No, not necessarily.
They login to their own laptop as a local user using whatever name they have configured then use the VPN connection to create the tunnel using the domain/username/password defined for them on the SME server.
This is successful.
From that point I would assume that from the SME server viewpoint a user is logged into its domain and authenticated via the VPN supplied username/password and would thus have the rights of the same user logged in on a workstation connected to the local LAN.

Maybe I am wrong but that seems to be the logical way of looking at it.
(Yes, I am aware the expression concerning "Assumption"...!)

Just to try it out, I have created an account on my remote machine with the same username as the one I defined on the SME server. Once again, the VPN connection was established successfully but mapping a drive using the SME username/pasword combination caused:
   System error 53 has occurred.
   The network path was not found.


Incidentally, if I browse "Entire Newwork" on my remote workstation with the VPN tunnel established, I do not see the SME domain.

Thanks for your patience,
Cheers,
Alex

[janet]

alext

Log in to Windows as the same user that exists on SME. It should work then.

[alext]

That is what I am doing.

Windows username:  alex
SME username:        alex

The same "net use..." error occurs

   System error 53 has occurred.
   The network path was not found.

(I added the last two paragraphs on to my last reply a little after I had posted the original so maybe you read it in between times, sorry)

Cheers,
Alex

[janet]

alext

OK got you re the same user.
I can only answer that VPN and drive mapping works for me on a variety of Windows platforms connecting to different sme servers.

   System error 53 has occurred.
   The network path was not found.

Just googled that and this answer looks interesting.
http://support.microsoft.com/kb/840634

ie Is the problem to do with Windows Firewall.
Perhaps you could disable it or open some ports on one of the remote Windows workstations and try again.

[alext]

Thanks for the pointer and the helpful advice.
I checked a little further and found all sorts of nasty things concerning port 445. Looks really scary!

I am not using the Windows Firewall, I am using Panda Internet Secure.
I created a rule allowing inbound TCP port 445 and...
hey-presto! I could then map drives.
(Still not too happy about the security angle)

However, I still cannot see my SME domain in Windows Explorer > "Entire Network", and when I log in via VPN it seems that the NETLOGON script on the SME server does not get executed.

Any ideas?

I may try to connect from my Ubuntu laptop to see if I can use a pure Linux setup.

Cheers,
Alex

[Stefano]

However, I still cannot see my SME domain in Windows Explorer > "Entire Network", and when I log in via VPN it seems that the NETLOGON script on the SME server does not get executed.

Any ideas?

please disable (only for test) all kind of personal firewall on windows client and retry

[alext]

Hi Stefano,
I am not in my office at the present time so I cannot use the same workstation that I used at the beginning of this topic but I am at my client's site, (the one with the SME server), and I have used one of his laptops that is connected to the outside of the router, (external SME gateway port), to try out your suggestion.

The laptop has no anti-virus installed and the Windows firewall has been stopped.

I can make a successful VPN tunnel using my domain/username/password as defined on the SME server.

I am able to manually map drives to shares on the SME server.

Browsing on the workstation with Windows Explorer does not show the SME domain in "Entire Network".

Also I do not see the drives that were defined in the SME Netlogon script.

Cheers,
Alex

[Stefano]

Browsing on the workstation with Windows Explorer does not show the SME domain in "Entire Network".

the remote one? it's quite "normal".. you have to wait ages to have it (in my experience).. edit your vpn setup on windows client and add the remote server as the dns..

Also I do not see the drives that were defined in the SME Netlogon script.

edit the netlogon script and (I'm assuming it's a bat file) and add a "pause" at the bottom..
just a question: are you invoking remote server via its name or via its ip?

[alext]

Thanks Stefano, I will try on my original workstation when I get back later thhis afternoon as the client needs his laptop

Cheers,
Alex