Configuring Agent Based SMB Applications

Print Friendly, PDF & Email

An agent-based application utilizing the SMB protocol can enable secure access to organizational users to servers or drives.

Configuring an SMB application to provide secure access to a file server

To configure an SMB application, follow these steps.

  1. Enter a unique Application Name.
  2. Upload a relevant Application Logo that will be visible to business users as a thumbnail.
  3. Enter the Application Description if any.
  4. In the IP Address/Domain Name field enter the File Server or Samba Share Server IP address.
  5. Select the SMB protocol from the dropdown. Automatically port number will be populated in the Port Value field next to it.
  6. Enter the External Domain Name that will be visible to business users.
    For Example, fileshare.seqrite.seqriteztna.com
  7. Select the appropriate App Connector from the dropdown.
    Add application - Application information
    Application types public web apps

Accessing an SMB Application as a business user

To access an SMB application as a business user, follow these steps.

  1. Log in to a user portal. For Example, apps.seqrite.seqriteztna.com.
    (The user portal domain name is unique for each account. Please check the same under Settings > Site management > Sidebar view)
  2. Click the file server application and connect.
  3. Copy the domain which is published after connecting the application.
  4. Paste it in a run window. For Example, \fileshare.seqrite.seqriteztna.com.

    Important Note: ☛

    1. Disable Server service from services.msc
      Reason: Port 445 is mandatory for accessing the application through SMB. Protocol. By default, the ‘Server’ service listens on port 445, which blocks the agent to listen on port 445. Hence it is recommended to stop and disable Server service. Once it is done, restart the machine and start accessing the SMP application.
    2. Connect to only one SMB server at a time.
      Reason: Windows strictly allows listening only on 127.0.0.1:445 for SMB.
      The above limitations are specific to Windows only.
      The Seqrite ZTNA Agent has no role in authenticating SMB Server Credentials nor in checking drive or folder-specific restrictions for any user. This is done on the SMB Server end.

Gaining full access to SMB Server

There are several ways to access an SMB server on Windows.

  1. Using Windows Run
    Press Windows Key + R. Enter \external_domain_name then click OK. (that is configured in Seqrite ZTNA admin console > Applications page.)
    Windows Run
  2. Using File Explorer Address Bar
    Type \external_domain_name (that is configured in AppCatalog) in the File Explorer Address Bar and click Enter.
    Windows Run

Business users can access SMB servers by following the above two methods. The business user will see all the shared folders available on the server. A user will get the following error if they attempt to access the folder they don’t have access to.

SMB No Access Error

Configuring SMB Server access as per requirements

Windows SMB Server Drive specific access
To configure a specific Drive for sharing, follow these steps.
1. Right-click the Drive.
2. Select Properties.
3. Go to Sharing.
SMB No Access Error
4. Go to Advanced Sharing. Click Share this folder. Change the Share Name (if required)
Advanced Sharing
5. Click on Permissions for user control and read/write permissions.
Permission for Drive
6. By default, read-only access is provided to everyone. To add or remove a specific user, click Add or Remove respectively.
7. Click Apply.
Permission for User
8. Before clicking on close, observe the Network Path (Highlighted in the following image, use this path to access the specific folder through SMB Client).
Network Path
SMB Drive Access
Read Only Drive Error

Read Only Drive Error
This shared C drive is created as read-only. If a user tries to create a folder in this shared drive the following error will appear.

Read Only Drive Error

Windows SMB Server Folder Specific Access
To provide an SMB Server Folder access, follow these steps.
1. Right-click the folder which you want to share.
2. Go to Properties and then Sharing.
SMB Script
3. Click Share. By default, a user who created the folder is the owner and has default access to it.
File Sharing
4. You can add other specific users and give them permission.
Choose Users
5. Click Share. Observer the Network Path. Use that path to access from the SMB client.
SMB Server folder specific Access through Seqrite ZTNA Agent
Choose Users
Was this page helpful?