I configured a file share following the Mobile Access R80.10 Administration Guide (Mobile Access Applications).
When logging in to the SSLVPN portal I'm presented with the following:
If I enter '\\unix-01\public' it denies access:
If I however enter '\\192.168.1.3\public' it works perfectly...
Mobile Access name resolution for the gateway is configured:
Running a tcpdump on 192.168.1.3 (Samba AD Server) shows the DNS query being answered, with no other connections arriving:
[davidh@unix-01 ~]# tcpdump -i eth0 host 100.127.254.1 -nn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
05:45:02.597653 IP 100.127.254.1.58998 > 192.168.1.3.53: 38186+ A? unix-01.lair.co.za. (36)
05:45:02.598026 IP 192.168.1.3.53 > 100.127.254.1.58998: 38186* 1/2/2 A 192.168.1.3 (120)
2 packets captured
2 packets received by filter
0 packets dropped by kernel
Mobile Access log is generated:
Legacy Mobile Access policy should be allowing anything and everything:
- Not sure why it resolves unix-01.lair.co.za when the Mobile Access name resolution is configured for a domain of 'ad.lair.co.za' but both unix-01.lair.co.za and unix-01.ad.lair.co.za resolve to 192.168.1.3 when querying 192.168.1.3 or 192.168.1.5.
- Accessing the UNC path using an IP (\\192.168.1.3\public) results in nothing being logged anywhere.
- Access deny rule record contains the share name twice, as shown above.