Samba over Wireguard guide needed

edited February 2021 in Help

Ima repost the entire content here from the other green forum, I'm in need this quick, hope I could find help from here:

I'm looking for a way to setup Samba shares over Wireguard correctly, but it seems I couldn't get it to work, literally spent an entire day messin the server and my PC getting the shares working but failed miserably, server is running Debian Bullseye, client is running Windows 10

Thanks in advance!

Comments

  • I assume the client and server can ping each other over the VPN. Firewall on the server? smb.conf / [global] / interfaces? How are clients to login to the samba server?

  • @seanho said:
    I assume the client and server can ping each other over the VPN. Firewall on the server? smb.conf / [global] / interfaces? How are clients to login to the samba server?

    I could ping, firewall disabled, client using explorer to log in, smb.conf is configured fitting with Wireguard, probably configuring Samba, making it works is a lot of headache :neutral:

  • @Daniel is your guy

  • DanielDaniel OG
    edited February 2021

    Do you get any error messages? It's hard to tell what's wrong when you just say it 'failed miserably' with no other info (error messages, what failed, etc) :smiley:

    @ehab said:
    @Daniel is your guy

    I recently wrote a guide for NFS over WireGuard (https://d.sb/2020/12/nfs-howto). Not sure about Samba though, it's been a very long time since I last used it. The last time I used it was to share files between a Linux server (2.4.x kernel) and a Windows 98 PC back in the early 2000s ?

    Some versions of Windows (I think just Windows Server and Windows 10 Enterprise) include an NFS client, but unfortunately it's only NFSv3.

    Thanked by (1)ehab
  • havochavoc OGContent WriterSenpai

    NFS is easier in my experience.

    I'd suggest something like this:

    1) First check if serving anything works. i.e. all your VPN and portforwarding works. I usually do this via python 3's http.server

    sudo apt install python3 python3-pip -y
    mkdir test
    cd test
    touch testing
    python3 -m http.server

    ...that'll start a server on port 8000 sharing the empty test file you created via a http server. If you can access that remotely then vpn is fine

    2) Samba - easiest is anonymous share in my experience - but obviously reliant on the VPN for security then cause no password.

    In the samba config it's this

    guest ok = yes

    3) Kinda hacky but easiest way around getting user rights to folder to work is via group permissions. i.e. add the incoming samba user to whatever group is set on the folder in question. Remember to apply group recursively and if applicable change it to 774 access. Reasonably sure this is the wrong/dangerous way but that's what I settled on after also spending a day on this kak. (I'm all ears if someone knows the correct way).

    @Daniel said:

    Some versions of Windows (I think just Windows Server and Windows 10 Enterprise) include an NFS client, but unfortunately it's only NFSv3.

    Win10Pro has it too

  • I have SAMBA 3.6 on my home router. The config smb.conf is as follows and it is compatible with Windows 10.

    [global]
            netbios name = OpenWrt
            display charset = UTF-8
            interfaces = lo br-lan
            server string = OpenWrt
            unix charset = UTF-8
            workgroup = WORKGROUP
            bind interfaces only = yes
            deadtime = 30
            enable core files = no
            invalid users = root
            local master = no
            map to guest = Bad User
            min protocol = SMB2
            max protocol = SMB2
            min receivefile size = 16384
            null passwords = yes
            passdb backend = smbpasswd
            security = user
            smb passwd file = /etc/samba/smbpasswd
            use sendfile = yes
    
    [N]
            path = /mnt/N
            read only = no
            guest ok = yes
            create mask = 0777
            directory mask = 0777
            browseable = yes
    

    No hostname left!

  • Probably NFS could save me a few hours I guess, I'll try to get it setup today

  • edited February 2021

    @Daniel said:
    Do you get any error messages? It's hard to tell what's wrong when you just say it 'failed miserably' with no other info (error messages, what failed, etc) :smiley:

    @ehab said:
    @Daniel is your guy

    I recently wrote a guide for NFS over WireGuard (https://d.sb/2020/12/nfs-howto). Not sure about Samba though, it's been a very long time since I last used it. The last time I used it was to share files between a Linux server (2.4.x kernel) and a Windows 98 PC back in the early 2000s ?

    Some versions of Windows (I think just Windows Server and Windows 10 Enterprise) include an NFS client, but unfortunately it's only NFSv3.

    I actually followed your guide, switching around with the configuration, and when doing mounting (mount //10.1.2.3/data Z:, mount 10.1.2.3:/data Z:, net use Z: //10.1.2.3/data as a regular user) it just refused to mount (Network error 53 -- The network path was not found), I tried changing the provider order, firewall is disabled b4 I did this thread, pinging the server is fine, showmount does show something (ERROR - Unsupported Windows version), checking netstat shows the port 111 and 2049 are listening, I also spun up a vps and set up nfs-client and wireguard on it and probably my bad when it returns access denied by server, I can't really find more stuff atm

Sign In or Register to comment.