Re: [Openvpn-devel] [Openvpn-users] Is it possible to access Windows XP shares over port 445?

[Jan Just Keijser]

Hi Henno,

Henno Täht wrote:
FWIW, I posted this issue to Microsoft's forum:
http://social.answers.microsoft.com/Forums/en-US/xpnetwork/thread/82388e04-1791-43a0-a678-de8475bce537
Everyone who like this to be answered can mark that article to up the 
"X persons needs an answer" thing.


I think I finally figured it out (I ran into this issue myself this 
morning so I started hacking ;-)) :

if I set "Non-Admin Access" to "Not allowed" in the TAP-Win32 Adapter V9 
Advanced properties page and reboot the box then I can access the shares 
on my WinXP box using
 smbclient -L -p 445 \\192.168.200.2
(where 192.168.200.2 is the VPN IP).

Of course, the problem with not allowing this is that non-Admin users 
can no longer start a VPN connection. You'd need to run
 runas /env /profile user:AdminUser "openvpn ..."
to get around this.

Can somebody verify this? It sounds like a nice one for the FAQ.

share and enjoy,

JJK


2010/6/26 Gert Doering <g...@greenie.muc.de <mailto:g...@greenie.muc.de>>

    Hi,

    On Wed, Jun 23, 2010 at 10:50:45PM +0300, Henno Täht wrote:
    > On Wed, Jun 23, 2010 at 22:48, Gert Doering <g...@greenie.muc.de
    <mailto:g...@greenie.muc.de>> wrote:
    > > On Wed, Jun 23, 2010 at 09:10:10AM +0200, Jan Just Keijser wrote:
    > > > assigns a 169.254 address. If this works for you as well
    then maybe the
    > > > tap-win32 developers can dive deeper into this and find out
    why windows
    > > > treats the 'always connected' adapter differently from an
    'application
    > > > controlled' adapter .
    > >
    > > I'd assume that windows services are not "bound" to "dynamic"
    interfaces...
    >
    > By dynamic interface you mean an interface which has  "Obtain IP
    address
    > automatically" set?

    No, I was thinking about interfaces that sort of "are not always
    there".

    But that was a misconception, the TAP interface *is* always there
    - what's
    application controlled is whether it's "connected to an ethernet
    cable"
    (virtual, of course) all the time, or only if openvpn tells it so.

    But in that my idea doesn't really make sense - it's as if windows
    wouldn't
    start windows sharing if the ethernet cable is not plugged in at
    boot time.

    gert

    --
    USENET is *not* the non-clickable part of WWW!
                                                             
    //www.muc.de/~gert/ <http://www.muc.de/%7Egert/>
    Gert Doering - Munich, Germany                            
    g...@greenie.muc.de <mailto:g...@greenie.muc.de>
    fax: +49-89-35655025                      
     g...@net.informatik.tu-muenchen.de
    <mailto:g...@net.informatik.tu-muenchen.de>