Topic: Remotely Connecting to SharedFolders

[GlxyDs]

Hi,

I'm having issues with WebDAV with SharedFolders.

I easily got SharedFolders installed and working locally. I now need to be able to use it off-site. I have web access (with password) enabled as well as webDAV, force secure conn, and indexes.

I am using SME Server in server-only mode, and I have other web servers setup on the network so in my router I had to port forward port 88 to SME Server (192.168.0.30) port 80. Now, I try to access my SME Server using my domain and the share name: http://office.csystems.com:88/test but Internet Explorer cannot display the webpage.

In my error log I find the following:

Code: [Select]

Invalid method in request \x16\x03\x01
I tried to map the location using a similar URL (\\office.csystems.com:88\test) and it then had a prompt for the user/pass but no matter which user I use, I would get declined and the error log would show the following:

Code: [Select]

Invalid method in request \x80F\x01\x03\x01

I am not very good with this stuff and feel like I won't be able to resolve it alone...

[Daniel B.]

Hi. As you choosed to force secure connections, you also need to forward a port from your router to port 443 of your SME box. And you need to explicitly use https and the port which you forward to the 443 one. This is for simple https access. If you want to use webdav, I strongly recommend to use a real webdav client (bitkinex is not a bad one for example), as the default one in Windows never really worked reliably.

Regards, Daniel

[GlxyDs]

Thanks Daniel! If I wasn't using the secure way, what port would I have to forward? Would it not just be port 80?

I made the changes you mentioned and now in Windows I get a user prompt and put in the proper user/pass but get this error:

Code: [Select]

(13)Permission denied: access to /test denied
I will try to use a different client like you mentioned.

[Daniel B.]

If you don't force secure connections, you can either use port 80 with plain text http, or port 443 with secured https. If you force secured connections, any requests for this share in plain text will be redirected to the secured equivalent on port 443. If you ask for a password to access the share, forcing secured connections is highly encouraged.

Regards, Daniel

[GlxyDs]

Daniel,

I'm getting a permission error now! Progress though! I'm very grateful.

Code: [Select]

(13)Permission denied: access to /test denied

[chris burnat]

Moving to 8.xx contribs section of the forum, not a core issue.

[Daniel B.]

I'm getting a permission error now! Progress though! I'm very grateful.

Code: [Select]

(13)Permission denied: access to /test denied

- You should check the user you used to login has at least read access (or is member of a group with at least read access)
- You should check you have enabled web access for the entire Internet if you want to access it from the outside
- You should check the Indexes option is enabled (if not, you'll have a permission denied unless you enter the URI of an existing file)

Regards, Daniel

[GlxyDs]

Daniel,

- The user has read/write access (I've only setup one, just to test the system).
- I have enabled web access -> Entire Internet (With Password)
- Indexes are enabled

Do you have any other ideas?

Thanks!

[Daniel B.]

You should check the logs /var/log/httpd/access_log and /var/log/httpd/error_log

Regards, Daniel

[GlxyDs]

Unfortunately the only thing in those logs related to my attempt to access is this:

Code: [Select]

[Tue Jun 19 11:05:32 2012] [error] [client 75.158.58.11] (13)Permission denied: access to /test denied
[Tue Jun 19 11:06:12 2012] [error] [client 75.158.58.11] (13)Permission denied: access to /test denied

[Daniel B.]

So, this is either an filesystem permission problem, or a configuraion issue. Please, post he result of the following commands:

db accounts show <share name>
getfacl /home/e-smith/files/shares/<share name>
mount

[GlxyDs]

Here are the results:

Code: [Select]

[root@sme1 ~]# db accounts show test
test=share
    Ajaxplorer=disabled
    DynamicContent=disabled
    Encryption=disabled
    InactivityTimeOut=
    Indexes=enabled
    Name=Test
    ReadGroups=
    ReadUsers=
    RecycleBin=disabled
    RecycleBinRetention=unlimited
    RequireSSL=enabled
    WebDav=enabled
    WriteGroups=
    WriteUsers=anthony,michel,support2
    httpAccess=global-pw
    smbAccess=browseable

Code: [Select]

[root@sme1 ~]# getfacl /home/e-smith/files/shares/test
getfacl: Removing leading '/' from absolute path names
# file: home/e-smith/files/shares/test
# owner: root
# group: admin
user::rwx
user:michel:r-x
user:support2:r-x
user:anthony:r-x
group::rwx
group:admin:r-x
mask::rwx
other::---

Code: [Select]

[root@sme1 ~]# mount
/dev/mapper/main-root on / type ext3 (rw,usrquota,grpquota,acl)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/md1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
Anything obvious?

[Daniel B.]

Ok, you've find a bug in the contrib. The problem here is that the user running apache (www) doesn't have read access to the share. Historically, it was only possible to set permissions on groups, so, as long as one group had read or write access, user www (which is a member of every groups) also had the same access. Now that individual users can have different permissions, I need to explicitly grant www user access to the share.
Waiting for a fix, you can grant at least read access to any group you want, and web access should then work.

Regards, Daniel

[GlxyDs]

Neat, glad I was able to discover a bug! Anyways, adding a group fixed my issues with BitKinex, now if only Windows played nice.

From what I've read it's an issue with Basic authentication. Is there anyways to get Digest working with this?