An agent-based application that uses the SMB protocol can give organizational users secure access to servers or drives.
Configuring an SMB application to provide secure access to a file server
To configure an SMB application, follow these steps.
- Enter a unique Application Name.
- Upload a relevant Application Logo that will be visible to business users as a thumbnail.
- Enter the Application Description if any.
- In the IP Address/Domain Name field enter the File Server or Samba Share Server IP address.
- Select the SMB protocol from the dropdown. The port number is populated automatically in the Port Value field next to it.
- Enter the External Domain Name that will be visible to business users.
  For example, fileshare.seqrite.seqriteztna.com
- Select the appropriate App Connector from the dropdown.
Accessing an SMB Application as a business user
To access an SMB application as a business user, follow these steps.
- Log in to a user portal. For example, apps.seqrite.seqriteztna.com.
  (The user portal domain name is unique for each account. Check it under Settings > Site management > Sidebar view.)
- Click the file server application and connect.
- Copy the domain which is published after connecting the application.
- Paste it in a Run window. For example, \\fileshare.seqrite.seqriteztna.com.
Important Note:
- Disable the Server service from services.msc.
  Reason: Port 445 is mandatory for accessing the application through the SMB protocol. By default, the 'Server' service listens on port 445, which prevents the agent from listening on port 445. Hence it is recommended to stop and disable the Server service. Once that is done, restart the machine and start accessing the SMB application.
- Connect to only one SMB server at a time.
  Reason: Windows strictly allows listening only on 127.0.0.1:445 for SMB.
The above limitations are specific to Windows only.
The Seqrite ZTNA Agent has no role in authenticating SMB Server Credentials nor in checking drive or folder-specific restrictions for any user. This is done on the SMB Server end.
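The port 445 requirement in the note above can be checked from an elevated PowerShell prompt before a user connects. This is an added example, not Seqrite's own tooling; it assumes the 'Server' entry in services.msc has the service name LanmanServer, and the function name Test-SmbAgentPrerequisite is hypothetical.

```powershell
# Added example: pre-flight check for the port 445 requirement described above.
# Assumption: the "Server" service in services.msc is the service named LanmanServer.
function Test-SmbAgentPrerequisite {
    [CmdletBinding()]
    param(
        [switch]$Fix   # stop and disable the Server service (requires elevation)
    )

    $svc = Get-Service -Name LanmanServer -ErrorAction Stop

    if ($Fix -and ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled')) {
        # -Force also stops services that depend on Server.
        # The machine stops hosting its own shares once this is done.
        Stop-Service -Name LanmanServer -Force
        Set-Service  -Name LanmanServer -StartupType Disabled
        $svc = Get-Service -Name LanmanServer
    }

    # Every socket currently listening on TCP 445, with its owning process.
    $listeners = @(
        Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessId    = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { 'unknown' }
            }
        }
    )

    # The built-in SMB server listens from kernel mode, so its socket is owned by PID 4 (System).
    $heldBySystem = @($listeners | Where-Object { $_.ProcessId -eq 4 }).Count -gt 0
    $disabled     = ($svc.Status -eq 'Stopped' -and $svc.StartType -eq 'Disabled')

    [pscustomobject]@{
        ServerServiceStatus    = $svc.Status
        ServerServiceStartType = $svc.StartType
        Port445Listeners       = $listeners
        Port445HeldBySystem    = $heldBySystem
        # The page instructs a restart after disabling the service.
        RestartStillNeeded     = ($disabled -and $heldBySystem)
        ReadyForAgent          = ($disabled -and -not $heldBySystem)
    }
}

Test-SmbAgentPrerequisite | Format-List
```

Run without -Fix for a read-only report; a listener on 127.0.0.1:445 owned by a process other than System is what the note above expects once the agent is connected.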
Gaining full access to SMB Server
There are several ways to access an SMB server on Windows.
- Using Windows Run
  Press Windows Key + R. Enter \\external_domain_name (the name that is configured in Seqrite ZTNA admin console > Applications page), then click OK.
- Using File Explorer Address Bar
  Type \\external_domain_name (the name that is configured in AppCatalog) in the File Explorer Address Bar and press Enter.
Business users can access SMB servers by following the above two methods. The business user will see all the shared folders available on the server. A user will get the following error if they attempt to access the folder they don’t have access to.
Configuring SMB Server access as per requirements
Windows SMB Server Drive specific access
To configure a specific Drive for sharing, follow these steps.
1. Right-click the Drive.
2. Select Properties.
3. Go to Sharing.
4. Go to Advanced Sharing. Click Share this folder. Change the Share Name (if required).
5. Click on Permissions for user control and read/write permissions.
6. By default, read-only access is provided to everyone. To add or remove a specific user, click Add or Remove respectively.
7. Click Apply.
8. Before clicking Close, observe the Network Path (highlighted in the following image). Use this path to access the specific folder through the SMB client.
SMB Drive Access
This shared C drive is created as read-only. If a user tries to create a folder in this shared drive the following error will appear.
Windows SMB Server Folder Specific Access
To provide an SMB Server Folder access, follow these steps.
1. Right-click the folder which you want to share.
2. Go to Properties and then Sharing.
3. Click Share. By default, the user who created the folder is the owner and has default access to it.
4. You can add other specific users and give them permission.
5. Click Share. Observe the Network Path. Use that path to access the folder from the SMB client.