ssanga
Staff & Editor
Article Id 368284
Description: This article addresses an issue where SSL VPN users are unable to access an SMB file share via SSL VPN web mode.
Scope: FortiGate v7.4.5, v7.6.0.
Solution
When attempting to access an SMB share via SSL VPN web mode, users encounter a 'permission denied' error after entering the credentials or when selecting the bookmark if Single Sign-On (SSO) is enabled.
 
Sample config:
 
config vpn ssl web portal
    edit "smb-share"
        set web-mode enable
        set forticlient-download disable
        set default-protocol smb
        config bookmark-group
            edit "gui-bookmarks"
                config bookmarks
                    edit "labdog-smb"
                        set apptype smb
                        set folder "smb-1/UserShare"
                        set sso auto
                    next
                end
            next
        end
    next
end
 
The following errors may appear in the debug output, indicating that the FortiGate smbcd daemon fails to query the DNS server:
 
smbcd: dns_query:143 sendto() failed: Connection refused
smbcd: get_smbitem_list:398 error opening: smb://smb-1/UserShare: Network is unreachable
[280:root:5]Transfer-Encoding n/a
[280:root:5]Content-Length 188
[280:root:0]sslvpn_find_err_msg_array:405 Can't find the value for key: 400
[280:root:5]rmt_error_cb_handler:130 Can't get corresponding message for key 400. Use the default error message.
 
This issue has been resolved in FortiOS versions 7.6.1 and 7.4.8.
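
Added example (not part of the original article and not Fortinet tooling): a Python check that scans saved debug output for the two smbcd lines shown above and pairs the DNS send failure with the share open failure that follows it. The function name and the five-line pairing window are assumptions; the sample lines are copied from this article.

```python
import re

# Patterns built from the smbcd debug lines shown in this article.
DNS_FAIL = re.compile(r"smbcd: dns_query:\d+ sendto\(\) failed: (?P<reason>.+)$")
SHARE_FAIL = re.compile(
    r"smbcd: get_smbitem_list:\d+ error opening: (?P<url>smb://\S+?): (?P<reason>.+)$"
)

# Sample input: debug lines copied from the article.
SAMPLE = """\
smbcd: dns_query:143 sendto() failed: Connection refused
smbcd: get_smbitem_list:398 error opening: smb://smb-1/UserShare: Network is unreachable
[280:root:5]Content-Length 188
[280:root:0]sslvpn_find_err_msg_array:405 Can't find the value for key: 400
"""


def find_smbcd_dns_failures(text, window=5):
    """Return one finding per share open failure that follows a DNS send
    failure within `window` lines (the window size is an assumption)."""
    findings = []
    last_dns = None  # (line number, reason) of the most recent dns_query failure
    for no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        m = DNS_FAIL.search(line)  # search() tolerates a timestamp prefix
        if m:
            last_dns = (no, m.group("reason"))
            continue
        m = SHARE_FAIL.search(line)
        if m and last_dns and no - last_dns[0] <= window:
            findings.append({
                "share": m.group("url"),
                "dns_error": last_dns[1],
                "open_error": m.group("reason"),
                "lines": (last_dns[0], no),
            })
            last_dns = None  # each DNS failure is paired at most once
    return findings


if __name__ == "__main__":
    for f in find_smbcd_dns_failures(SAMPLE):
        print(f"{f['share']}: DNS query failed ({f['dns_error']}), "
              f"open failed ({f['open_error']}) at lines {f['lines']}")
```

A share open failure with no preceding DNS send failure is not reported, since that points to a different cause than the one described here.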

Logs required by FortiGate TAC for investigation:
 
  1. Debugs:

diagnose debug application sslvpn -1
diagnose debug application fnbamd -1
diagnose debug application smbcd -1
diagnose debug console timestamp enable
diagnose debug enable
<reproduce the issue>
diagnose debug reset
 
  2. TAC Report:

    execute tac report

  3. Configuration file of the FortiGate.