Shared folders access denied through OpenVPN

Dear friends,

I have one Nethserver working as a Firewall/Gateway, AD, and File Server.

Everything works perfectly, except when I have to work through OpenVPN RoadWarrior to access shared folders.

I can do almost everything through VPN (ping clients, access devices configurations pages, even see the shared folders), but when I try to enter any shared folder with credentials, I got blocked.

Server ip: 10.0.0.1.
AC/DC ip: 10.0.0.2.
OpenVPN RoadWarrior running as Bridged Mode (10.0.0.250 - 10.0.0.254) with Username and Password Auth.
Allow client-to-client network traffic and Push all static routes marked ON.

The client computer that I am trying to access shared folders isn’t on domain (loreto.local), it’s working on Workgroup.

I have tried many things to enter in the folders (DOMAIN\user , user@domain) but without success.

If I join a client computer on domain, I can access shared folders, but I have a user whose notebook I can’t join on domain because he is using Windows 10 Home version.

Could I get a solution?

Thanks a lot!

Hi @carlei

AFAIK, NethServer’s built-in OpenVPN implementation only supports routing mode, not bridged mode…
Bridged mode can be done, but is not advised nowadays…

If you are trying to access a computer that is NOT a member of the AD, you need to use local authentication in that respect:

NETBIOS-NAME-OF-PC\user-of-that-pc

Normally, even a Windows 10 Home version can access Domain resources, but needs to authenticate accordingly… (eg map a network drive using a domain-user ID).

My 2 cents
Andy

Hi @Andy_Wismer

I’m using OpenVPN Community that supports bridge mode just to get in same LAN network to simplify.

I’m trying to access a shared folder, and I can see those folders on Windows Explorer, but I can’t access them, it shows access denied.

I guess I can’t access them because the laptop is not joined on domain.

Hi

Connect the Drive manually, from Windows Explorer First

Map Network Drive

That should work…

It doesn’t work.
I use my AD credentials, but can’t access files.
No matter if I try with username or DOMAIN\username or username@domain.suffix

Is the host you’re trying to access a

  • Nethserver box?
  • Windows Domain Member?
  • A non Windows Domain member?

The OpenVPN you’re using also could be a problem - I always use the routed version of OpenVPN, either on my firewall or on NethServer (Nethserver is NEVER a firewall for me!), and I can access my NethServer’s drives with my Macbook (Not a domain member, but using windows authentication), it also works with a Windows 7 and 10 both professional, but not in the domain.
I can also access shares on other boxes, but these are all linux boxes, I don’t use Windows PCs at home…

Its a non Windows Domain Member.

I saw now that my credentials work fine to see shared folder but not to access files.

I created a VM to test and joined in Domain… Using same OpenVPN configs I can access my perfectly using my credentials.

So, I’m guessing that it is something related that only clients joined in domain can access files.

No, but using Windows Explorer, you are seeing the shared folders probably as “guest”.

You then try to use authentication (Windows Domain authentication) which can’t work (Normally you would lock your account by such stuff!).

You need to authenticate first, before pointing Windows Explorer to that PC on the Network - and use correct authentication, eg the local admin of that PC. You can only get here by connecting via Windows Explorer, using the Network Drive function.

PC-Name \ Username

Both have to refer to the PC you’re trying to connect to!
Domain Users / Accounts can’t work for that PC…

Besides, it seems extremely stupid and security ignorant to use a Windows Home PC to share files, when you have a NethServer, which can handle that easily and very secure right next to it…

Non Domain members should have a Windows Workgroup name same as the domain, not the usual “WORKGROUP”…

My 2 cents
Andy

I will try to explain better. Sorry for my bad english.

  1. When I access shared folders by typing 10.0.0.1, it soon asks for credentials because folders don’t appear.

  2. Then I type my AD credentials and thus the folders appear.

  3. So, when I click to open folders, it asks for credentials again, but on typing credentials it denies.

I am not using a pc to share folders, I am using Nethserver as a File Server.

Every file server I usually use, connecting through VPN, on Windows pc not joined on domain, to access files on shared folders I use DOMAIN\user + password and it works fine. But I’m not getting it with Nethserver.

IMVHO this might be a source of issues.
With the bridging setup, maybe most of the time it works well, but I don’t take for granted that the lookup from local (Green) to remote (VPN) of computers works flawlessly every time.
With the route arrangement more tweaking with firewalls is needed, but it is faster to comply:

  • sudden growth of number of clients (if you distrust enough what could possibly happen, you might step into a fast subnet change from 30, to 62, to 126 or more concurrent VPN connections)
  • sudden change of firewall settings (as the VPN designer you know for sure the source subnet for the computer in Green segment and the adapter of the firewall used for rules) implementing specific blocks both on the gateway and the computers

If all lies on the same subnet… you’re more prone to trouble.

The PC can’t use AD credentials (It is not in the domain), you MUST use a User / Password from That PC!!!