On 27/04/17 19:12, David Mehler wrote: > Hello, > > I've got a machine running Openvpn 2.4. It's also got a web server on > it. Currently to alter files users have to sftp them in to place. What > I was wondering is would it be possible to run samba4 as a standalone > server not as a domain member or controller, and give connecting users > rights to the web areas? Ideally they'd just hit their system's > network area then the workgroup then the share and copy in files that > way.
That can work. But Windows network browsing is a mysterious monster to me. I have used a similar setup elsewhere, but we added some logon scripts which assigned a drive letter to these shares. This can be done via --route-up script on the client, with the disconnect being run via --route-pre-down. > One issue is I don't want smbd and nmbd listening on the public > interface so I've got them locked down to 127.0.0.1 wondering if this > would be an issue? Gert covered the issue with 127.0.0.1. So either you need to ensure smbd is started _after_ the OpenVPN interface is configured on your system. Or you can add a dummy interface (modprobe dummy) and configure smbd to listen to that. Then you should be able to route to that interface properly via the VPN. Or you can let smbd listen to all IPs, and do the rest of the magic in iptables. In all these scenarios, you should also add restrictions in smb.conf. -- kind regards, David Sommerseth
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
