Koozali.org: home of the SME Server

Obsolete Releases => SME Server 9.x => Topic started by: grusu on January 21, 2019, 01:05:25 PM

Title: Access the samba share from another local network
Post by: grusu on January 21, 2019, 01:05:25 PM

Hi,

I need to access samba share from another local network.
The server is in "Server-only" mode.
I have set up a new local network. I can access the sme server web interface from that network but I do not have access to the server share.
How can I do that?

Thanks,
Geo

Title: Re: Access the samba share from another local network
Post by: mmccarn on January 21, 2019, 04:07:53 PM

How did you open access to the server-manager interface?

If you've added a new local network in server-manger using "Security" / "Local networks" then the new local network should be included in
* the "hosts allow" declaration in /etc/samba/smb.conf
* the "local_chk" code in /etc/rc.d/init.masq so that traffic is accepted through the firewall

You can see what your server thinks the local network list looks like using either the db command or a perl command.
I created a non-existent network "192.168.1.0" on my server for demonstration purposes.

Code: [Select]

# db networks show
192.168.1.0=network
    Mask=255.255.255.0
    Router=192.168.200.18
192.168.200.0=network
    Mask=255.255.255.0
    SystemLocalNetwork=yes


Code: [Select]

# perl -e 'use esmith::NetworksDB; my $ndb = esmith::NetworksDB->open_ro; print join("\n",$ndb->local_access_spec) . "\n"'
127.0.0.1
192.168.1.0/255.255.255.0
192.168.200.0/255.255.255.0

Checking the actual code in the various config files:

Code: [Select]

# grep 'hosts allow' /etc/samba/smb.conf
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 192.168.200.0/255.255.255.0

# grep '192.168.1' /etc/rc.d/init.d/masq
/sbin/iptables -A $NEW_local_chk -s 192.168.1.0/255.255.255.0 -j ACCEPT
    /sbin/iptables --append FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
    /sbin/iptables --append FORWARD -s 192.168.200.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
    /sbin/iptables --append FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.200.0/255.255.255.0 -j ACCEPT

If the SME configuration looks OK, there are still issues with getting SMB shares to work in a routed network. I found this post that provides suggestions for avoiding the issues:
http://www.tldp.org/HOWTO/SMB-HOWTO-12.html

Other things to consider:
* Recent Windows 10 updates disabled SMB v1 used by SME 9.2 / Samba 3.6.  There are procedures available online for enabling SMB v1 on the windows systems
* Samba may be looking for port 445, which is not enabled for Samba on SME 9.2 by default (more googling)

Title: Re: Access the samba share from another local network
Post by: grusu on January 22, 2019, 07:29:26 AM

Hi mmccarn,

  I did everything you suggest before posting. I've checked once more and everything looks set right.
I think either I need to set something in the samba configuration, or the samba version installed in the server has some limitations.
  I have activated in windows 10 SMB v1; otherwise I would not see a share in the same local network on the SME server.
  I have other servers in the network that the samba version is:

Code: [Select]

root@plex:~# apt-show-versions samba
samba:amd64/stretch 2:4.5.12+dfsg-2+deb9u4 uptodate

and can access the shares on them.

Thanks,
Geo

Title: Re: Access the samba share from another local network
Post by: ReetP on January 22, 2019, 11:42:51 PM

The 'other shares' are Samba 4.5.12

SME is on 3.x

Please have a read around about Windows 10 and SMB v1 etc.

I believe this was fixed in recent Windows 10 updates.