SMB through SSH tunnel
I'm having trouble setting up samba access over an SSH tunnel. If I forward port 139 on my machine to port 139 on the server, like so,
ssh -L 139:localhost:139 user@server
and then connect from the finder with Go -> Connect to Server and enter "smb://localhost/username" it works great. Moreover, if I do "smbclient -L localhost -U username" I get (with names changed to protect the innocent):
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Server Comment
--------- -------
Workgroup Master
--------- -------
OATESNET MYSERVERNAME
That's great. However, I need to in fact be running a samba server on my local machine as well as accessing a remote one --- therefore, I can't forward from port 139 on my local machine because it conflicts with my local samba server (actually, I can, and it appears to be a crapshoot whether my local server or the remote server through SSH gets the connection. Weird. But that's a different story).
So, I try and forward from a different port, say 52187. So I create my tunnel:
ssh -L 52187:localhost:139 username@server
Now I try and connect through the Finder. I get error:
"The Finder cannot complete the operation because some data in "smb://localhost:52187/username" could not be read or written. (Error code -36)."
Hmm. Let's try and diagnose from the console. I type:
smbclient -L localhost -U username -p 52187
It connects to the remote server, but only partially. I get the following output:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Error connecting to 127.0.0.1 (Invalid argument)
Connection to localhost failed
NetBIOS over TCP disabled -- no workgroup available
Weird. Note that this is with my local Samba server not running. Now, if I try and run smbclient with the local server running, I get a different error:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
session setup failed: NT STATUS_LOGONFAILURE
NetBIOS over TCP disabled -- no workgroup available
Weirder --- so I look in the log files for the local Samba server (/var/log/samba/log.smbd). There are two new messages from the exact time when I tried to contact my remote server:
[2007/06/20 17:35:08, 0] /SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)
smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/06/20 17:35:08, 0] pdb ods.c:odssamgetsampwnam(2329)
odssam_getsampwnam: [0]get sam_recordattributes dsRecTypeStandard:Users no account for 'username'!
Note that 'username' is not a user on my local machine. I'm not sure what would happen if it were.
What looks like is happening to me is that the samba client is in fact contacting the server on the port that I give, but then trying to initiate some other communication (authentication?) on the default port, 139. That's why when I'm forwarding from port 139 it all works fine. That's also why I get a different error message and stuff in my local logs when the local server is running --- the samba client is contacting the remote server for part of the transaction and the local server for another part. When the local server isn't running, it just can't contact anyone and gets confused.
The question is, how can I make the samba client consistently use the port I tell it to use? Am I missing something?
-Andrew
PS -- why is it that I can have both a local samba server running on port 139 and an SSH tunnel that forwards from that port at the same time? Does it have to do with what interfaces their bound on? As in, the SSH server is only bound on the loopback interface, while the Samba server is only bound on my ethernet card? That's the only explanation I could think of.
ssh -L 139:localhost:139 user@server
and then connect from the finder with Go -> Connect to Server and enter "smb://localhost/username" it works great. Moreover, if I do "smbclient -L localhost -U username" I get (with names changed to protect the innocent):
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Server Comment
--------- -------
Workgroup Master
--------- -------
OATESNET MYSERVERNAME
That's great. However, I need to in fact be running a samba server on my local machine as well as accessing a remote one --- therefore, I can't forward from port 139 on my local machine because it conflicts with my local samba server (actually, I can, and it appears to be a crapshoot whether my local server or the remote server through SSH gets the connection. Weird. But that's a different story).
So, I try and forward from a different port, say 52187. So I create my tunnel:
ssh -L 52187:localhost:139 username@server
Now I try and connect through the Finder. I get error:
"The Finder cannot complete the operation because some data in "smb://localhost:52187/username" could not be read or written. (Error code -36)."
Hmm. Let's try and diagnose from the console. I type:
smbclient -L localhost -U username -p 52187
It connects to the remote server, but only partially. I get the following output:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
Error connecting to 127.0.0.1 (Invalid argument)
Connection to localhost failed
NetBIOS over TCP disabled -- no workgroup available
Weird. Note that this is with my local Samba server not running. Now, if I try and run smbclient with the local server running, I get a different error:
Domain=[MYSERVERNAME] OS=[Unix] Server=[Samba 3.0.24]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Myservername)
username Disk Home Directories
session setup failed: NT STATUS_LOGONFAILURE
NetBIOS over TCP disabled -- no workgroup available
Weirder --- so I look in the log files for the local Samba server (/var/log/samba/log.smbd). There are two new messages from the exact time when I tried to contact my remote server:
[2007/06/20 17:35:08, 0] /SourceCache/samba/samba-100.7/samba/source/smbd/server.c:main(789)
smbd version 3.0.10 started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
[2007/06/20 17:35:08, 0] pdb ods.c:odssamgetsampwnam(2329)
odssam_getsampwnam: [0]get sam_recordattributes dsRecTypeStandard:Users no account for 'username'!
Note that 'username' is not a user on my local machine. I'm not sure what would happen if it were.
What looks like is happening to me is that the samba client is in fact contacting the server on the port that I give, but then trying to initiate some other communication (authentication?) on the default port, 139. That's why when I'm forwarding from port 139 it all works fine. That's also why I get a different error message and stuff in my local logs when the local server is running --- the samba client is contacting the remote server for part of the transaction and the local server for another part. When the local server isn't running, it just can't contact anyone and gets confused.
The question is, how can I make the samba client consistently use the port I tell it to use? Am I missing something?
-Andrew
PS -- why is it that I can have both a local samba server running on port 139 and an SSH tunnel that forwards from that port at the same time? Does it have to do with what interfaces their bound on? As in, the SSH server is only bound on the loopback interface, while the Samba server is only bound on my ethernet card? That's the only explanation I could think of.
Macbook Pro 15 in., Mac OS X (10.4.9)
