I have one Nethserver working as a Firewall/Gateway, AD, and File Server.
Everything works perfectly, except when I have to work through OpenVPN RoadWarrior to access shared folders.
I can do almost everything through VPN (ping clients, access devices' configuration pages, even see the shared folders), but when I try to enter any shared folder with credentials, I get blocked.
Server ip: 10.0.0.1.
AC/DC ip: 10.0.0.2.
OpenVPN RoadWarrior running as Bridged Mode (10.0.0.250 - 10.0.0.254) with Username and Password Auth.
Allow client-to-client network traffic and Push all static routes marked ON.
The client computer that I am trying to access shared folders from isn’t on the domain (loreto.local); it’s working in a Workgroup.
I have tried many things to enter the folders (DOMAIN\user, user@domain) but without success.
If I join a client computer to the domain, I can access shared folders, but I have a user whose notebook I can’t join to the domain because he is using Windows 10 Home version.
AFAIK, NethServer’s built-in OpenVPN implementation only supports routing mode, not bridged mode…
Bridged mode can be done, but is not advised nowadays…
If you are trying to access a computer that is NOT a member of the AD, you need to use local authentication in that respect:
NETBIOS-NAME-OF-PC\user-of-that-pc
Normally, even a Windows 10 Home version can access Domain resources, but needs to authenticate accordingly… (e.g. map a network drive using a domain-user ID).
The OpenVPN you’re using also could be a problem - I always use the routed version of OpenVPN, either on my firewall or on NethServer (NethServer is NEVER a firewall for me!), and I can access my NethServers drives with my MacBook (not a domain member, but using Windows authentication). It also works with Windows 7 and 10, both Professional, but not in the domain.
I can also access shares on other boxes, but these are all linux boxes, I don’t use Windows PCs at home…
No, but using Windows Explorer, you are probably seeing the shared folders as “guest”.
You then try to use authentication (Windows Domain authentication) which can’t work (normally you would lock your account by such stuff!).
You need to authenticate first, before pointing Windows Explorer to that PC on the network - and use correct authentication, e.g. the local admin of that PC. You can only get here by connecting via Windows Explorer, using the Network Drive function.
PC-Name \ Username
Both have to refer to the PC you’re trying to connect to!
Domain Users / Accounts can’t work for that PC…
Besides, it seems extremely stupid and security ignorant to use a Windows Home PC to share files, when you have a NethServer, which can handle that easily and very securely right next to it…
Non-domain members should have a Windows Workgroup name that is the same as the domain, not the usual “WORKGROUP”…
I will try to explain better. Sorry for my bad English.
When I access the shared folders by typing 10.0.0.1, it soon asks for credentials because the folders don’t appear.
Then I type my AD credentials and thus the folders appear.
So, when I click to open folders, it asks for credentials again, but when I type the credentials it denies them.
I am not using a PC to share folders, I am using NethServer as a File Server.
With every file server I usually use, connecting through VPN on a Windows PC not joined to the domain, I use DOMAIN\user + password to access files on shared folders and it works fine. But I’m not getting it to work with NethServer.
IMVHO this might be a source of issues.
With the bridging setup, maybe most of the time it works well, but I don’t take for granted that the lookup from local (Green) to remote (VPN) of computers works flawlessly every time.
With the routed arrangement, more tweaking with firewalls is needed, but it is faster to comply with:
sudden growth in the number of clients (if you distrust enough what could possibly happen, you might step into a fast subnet change from 30, to 62, to 126 or more concurrent VPN connections)
sudden change of firewall settings (as the VPN designer you know for sure the source subnet for the computer in the Green segment and the adapter of the firewall used for rules), implementing specific blocks both on the gateway and the computers
If everything lies on the same subnet… you’re more prone to trouble.