Simon Holywell

Samba File Share Over SSH Tunnel

Sometimes you need to be able to access a remote Samba server in a secure manner from a Windows machine.  This is a relatively simple procedure on an XP SP3 machine like mine linking into an Ubuntu server pre setup with Samba file sharing.

Windows is a little bit annoying as it binds all filesharing operations to port 139 so you cannot have more than one filesharing system in operation at once.  If you were to tunnel directly across to your Samba server it would bang heads with the Windows filesharing layer.  You could just disable file sharing in Windows but that is an in elegant method and you may need access to both Windows and remote Samba shares.  So we will need to setup a new loopback adapter with a local ip address that we can tunnel Samba request through thus allowing Windows filesharing to operate normally along side Samba.  This effectively makes Windows think that it is accessing Samba shares on a seperate machine whereas a tunnel usually acts as a port on the local machine.

Add the Loopback Adapter to the Windows client machine

1. Open up the Add Hardware control panel (Start > Control Panel > Add Hardware)
2. Click next and wait for the annoying wizard to finish hunting around your system
3. Choose ‘Yes, I have already connected the hardware’
4. Then scroll to the bottom of the ‘Installed hardware’ list box and choose ‘Add new hardware device’
5. Now choose ‘Install the hardware that I manually select from a list (Advanced)’
6. Select  ‘Network adapters’
7. Under ‘Manufacturer’ you want ‘Microsoft’
8. For ‘Network Adapter’ choose ‘Microsoft Loopback Adapter’
9. You may have a to wait a little while for the adapter to be fully installed

Set the Loopback Adapters Configuration

1. Pull up the adapters properties dialogue (Start > Control Panel > Network Connections and then right click on the adapter and choose properties)
2. Disable ‘File and Printer Sharing for Microsoft Networks’
3. Highlight ‘Internet Protocol (TCP/IP)’ and click the ‘Properties’ button
   1. Choose ‘Use the following IP address’
      1. Enter ‘10.0.0.1′ for ‘IP address’
      2. Enter ‘255.255.255.0′ for ‘Subnet mask’
   2. Click the ‘Advanced’ button and on the ‘WINS’ tab
      1. Enable ‘Enable LMHOSTS Lookup’
      2. Check ‘Disable NetBIOS over TCP/IP’
4. You will now need to restart you computer even though Windows does not prompt for this step

Configure the SSH Tunnel

1. On your PuTTY session configuration dialogue choose Connection > SSH > Tunnels
2. Check/enable ‘Local ports accept connections from other hosts’
3. In ‘Source port’ enter ‘10.0.0.1:139′
4. In ‘Destination’ enter ‘localhost:139′ (127.0.0.1:139 did not work for me)

Test and Map the Connection

In the Run command console (Start > Run) enter ‘\10.0.0.1′ and you should be presented with file explorer window containing the contents of your Samba share.

So if that worked we are ready to roll, but you can give your Samba share ’server’ a more friendly name by opening ‘C:WINDOWSsystem32driversetchosts’ in your favourite editor (Vim in my case).  Scroll to the bottom and enter the following ‘10.0.0.1    samba’.  You can now access ‘//samba’ in the same way we did above via the Run dialogue.  If you have assigned the loopback device to a different subnet then you will need use the lmhosts file in the same directory instead – please see Microsoft KB Article Q105997.

Now you can Map the Samba share like any other by using the ‘Tools’ menu in a Windows file explorer window.  In the ‘Folder’ input enter ‘\samba’ or for a home directory called simon ‘\sambasimon’ (you must have enabled home directory sharing in your Samba smb.conf (/etc/samba/smb.conf)).