Technical Tip: SMB File Share using FQDN is Inaccessible via SSL VPN Web Mode
| Description | This article addresses an issue where SSL VPN users are unable to access an SMB File share via SSL VPN web mode. |
| Scope | FortiGate v7.4.5, v7.6.0. |
| Solution | When attempting to access an SMB share via SSL VPN web mode, users encounter a 'permission denied' error after entering the credentials or when selecting the bookmark if Single Sign-On (SSO) is enabled. Sample config: config vpn ssl web portal edit "smb-share" set web-mode enable set forticlient-download disable set default-protocol smb config bookmark-group edit "gui-bookmarks" config bookmarks edit "labdog-smb" set apptype smb set folder "smb-1/UserShare" set sso auto next end next end next end The following errors may be seen in the debugs indicating that the FortiGate smbcd daemon fails to query the DNS server. smbcd: dns_query:143 sendto() failed: Connection refused smbcd: get_smbitem_list:398 error opening: smb://smb-1/UserShare: Network is unreachable [280:root:5]Transfer-Encoding n/a [280:root:5]Content-Length 188 [280:root:0]sslvpn_find_err_msg_array:405 Can't find the value for key: 400 [280:root:5]rmt_error_cb_handler:130 Can't get corresponding message for key 400. Use the default error message. This issue has been resolved in FortiOS versions 7.6.1 and 7.4.8. Logs required by FortiGate TAC for investigation.
diagnose debug application sslvpn -1 diagnose debug application fnbamd -1 diagnose debug application smbcd -1 diagnose debug console timestamp enable diagnose debug enable <reproduce the issue> diagnose debug reset
|