Re: --protocol=pulse and smb access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 30, 2020 at 9:11 AM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Thu, 2020-04-30 at 18:02 +0200, Thierry de Coulon wrote:
> > with --protocol=pulse, the tunnel is created, but on smb access I never get
> > asked for the password, so I get no access.
> >
> > with --protocol=nc (which I understand to be same as --juniper) everything
> > works as before.
> >
> > Just wondering if this is the intended way it should work.
>
> That seems odd; there shouldn't be any difference. The only *expected*
> difference is that the older NC protocol only supports Legacy IP.
>
> Do you have any IPv6 configuration on the VPN when you connect with
> Pulse?
>
> I suspect there's some weirdness with DNS or routing — or perhaps the
> VPN MTU. Can you reproduce with smbclient on the command line and
> debugging enabled? And can you capture the traffic on the VPN interface
> while you try, so we can compare both nc and pulse modes?

Right. There is most likely a difference in routing between the two
VPN configurations.

My guess is that there's something that's confusing Windows Active
Directory authentication here… it uses a very complex and messy
combination of DNS and Kerberos and SMB. A difference in DNS servers
may be playing a role. Using the command-line smbclient and playing
around with different authentication options should help to debug it.

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux