David Herselman

R80.10 Mobile Access - File Share

Discussion created by David Herselman on Sep 10, 2018
Latest reply on Sep 13, 2018 by Hugo van der Kooij

I configured a file share following the Mobile Access R80.10 Administration Guide (Mobile Access Applications).

 

When logging in to the SSLVPN portal I'm presented with the following:

 

If I enter '\\unix-01\public' it denies access:

 

If, however, I enter '\\192.168.1.3\public', it works perfectly...

 

 

Mobile Access name resolution for the gateway is configured:

 

Running a tcpdump on 192.168.1.3 (Samba AD Server) shows the DNS query being answered, with no other connections arriving:

[davidh@unix-01 ~]# tcpdump -i eth0 host 100.127.254.1 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
05:45:02.597653 IP 100.127.254.1.58998 > 192.168.1.3.53: 38186+ A? unix-01.lair.co.za. (36)
05:45:02.598026 IP 192.168.1.3.53 > 100.127.254.1.58998: 38186* 1/2/2 A 192.168.1.3 (120)

2 packets captured
2 packets received by filter
0 packets dropped by kernel

 

Mobile Access log is generated:

 

 

Legacy Mobile Access policy should be allowing anything and everything:

 

 

Other observations:

  • Not sure why it resolves unix-01.lair.co.za when the Mobile Access name resolution is configured for a domain of 'ad.lair.co.za', but both unix-01.lair.co.za and unix-01.ad.lair.co.za resolve to 192.168.1.3 when querying 192.168.1.3 or 192.168.1.5.
  • Accessing the UNC path using an IP (\\192.168.1.3\public) results in nothing being logged anywhere.
  • Access deny rule record contains the share name twice, as shown above.
