Koozali.org: home of the SME Server

Access the samba share from another local network

Offline grusu

  • 3
  • +0/-0
Access the samba share from another local network
« on: January 21, 2019, 01:05:25 PM »
Hi,

I need to access samba share from another local network.
The server is in "Server-only" mode.
I have set up a new local network. I can access the sme server web interface from that network but I do not have access to the server share.
How can I do that?

Thanks,
Geo
« Last Edit: January 21, 2019, 03:52:18 PM by grusu »

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Access the samba share from another local network
« Reply #1 on: January 21, 2019, 04:07:53 PM »
How did you open access to the server-manager interface?

If you've added a new local network in server-manger using "Security" / "Local networks" then the new local network should be included in
* the "hosts allow" declaration in /etc/samba/smb.conf
* the "local_chk" code in /etc/rc.d/init.masq so that traffic is accepted through the firewall

You can see what your server thinks the local network list looks like using either the db command or a perl command.
I created a non-existent network "192.168.1.0" on my server for demonstration purposes.

Code: [Select]
# db networks show
192.168.1.0=network
    Mask=255.255.255.0
    Router=192.168.200.18
192.168.200.0=network
    Mask=255.255.255.0
    SystemLocalNetwork=yes

Code: [Select]
# perl -e 'use esmith::NetworksDB; my $ndb = esmith::NetworksDB->open_ro; print join("\n",$ndb->local_access_spec) . "\n"'
127.0.0.1
192.168.1.0/255.255.255.0
192.168.200.0/255.255.255.0

Checking the actual code in the various config files:
Code: [Select]
# grep 'hosts allow' /etc/samba/smb.conf
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 192.168.200.0/255.255.255.0

# grep '192.168.1' /etc/rc.d/init.d/masq
/sbin/iptables -A $NEW_local_chk -s 192.168.1.0/255.255.255.0 -j ACCEPT
    /sbin/iptables --append FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
    /sbin/iptables --append FORWARD -s 192.168.200.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
    /sbin/iptables --append FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.200.0/255.255.255.0 -j ACCEPT

If the SME configuration looks OK, there are still issues with getting SMB shares to work in a routed network. I found this post that provides suggestions for avoiding the issues:
http://www.tldp.org/HOWTO/SMB-HOWTO-12.html

Other things to consider:
* Recent Windows 10 updates disabled SMB v1 used by SME 9.2 / Samba 3.6.  There are procedures available online for enabling SMB v1 on the windows systems
* Samba may be looking for port 445, which is not enabled for Samba on SME 9.2 by default (more googling)
« Last Edit: January 21, 2019, 04:16:46 PM by mmccarn »

Offline grusu

  • 3
  • +0/-0
Re: Access the samba share from another local network
« Reply #2 on: January 22, 2019, 07:29:26 AM »
Hi mmccarn,

  I did everything you suggest before posting. I've checked once more and everything looks set right.
I think either I need to set something in the samba configuration, or the samba version installed in the server has some limitations.
  I have activated in windows 10 SMB v1; otherwise I would not see a share in the same local network on the SME server.
  I have other servers in the network that the samba version is:

Code: [Select]
root@plex:~# apt-show-versions samba
samba:amd64/stretch 2:4.5.12+dfsg-2+deb9u4 uptodate

and can access the shares on them.

Thanks,
Geo

Online ReetP

  • *
  • 3,722
  • +5/-0
Re: Access the samba share from another local network
« Reply #3 on: January 22, 2019, 11:42:51 PM »
The 'other shares' are Samba 4.5.12

SME is on 3.x

Please have a read around about Windows 10 and SMB v1 etc.

I believe this was fixed in recent Windows 10 updates.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation