Tunneling Samba over SSH
Sometimes it would be nice if a samba-share from another (sub-)network could be reached and connected to a Windows-PC as network drive (e.g. connecting the own home-directory at work to the PC at home). If there is SSH access to the network, you can of course work with an SSH-console (for Windows e.g. Putty) an transfer files via SCP or SFTP. But this is not as convenient as a network drive...
Exactly this can also be done (up to now, I only tried it on Windows XP, but it should work on other Windows-versions as well). The steps are:
- Open an SSH-connection to the network where the desired samba service is running.
- Open a tunnel form the local address 127.0.0.2, port 139, to the samba server, port 139. Opening a tunnel is normally described in the documentation of the SSH-tool in use. (The address 127.0.0.2 is used instead of the normal localhost address 127.0.0.1 to avoid some problems with local services on port 139, e.g. Windows-shares).
- On the windows command prompt (Start->Run: cmd), enter: net stop server. This closes services running (on port 139) of the local machine. You can also do this before setting up the SSH-connection.
- Now you can connect the samba-share as network drive. E.g. if the name of the share is ABC, you connect \\127.0.0.2\ABC as network drive.
That should be all. If there are still problems connecting the network drive, it might be that the samba server only
accepts plain-text passwords. In this case, a registry setting has to be changed to send the password as plain text. Changing the registry is always at
your own risk! The registry key to be changed is located at
and its name is EnablePlainTextPassword. The value of this key has to be set to 1 (standard setting is 0).
There is also a possibility without deactivating file and printer sharing. This other possibility makes use of an installed
Microsoft Loopback-Adapter. This Adapter is installed like a network card (the driver is included in Windows XP). Concerning the configuration of the Loopback-
Adapter: File and Printer sharing should not be assigned to the adapter. The adapter has to be assigned a fixed IP address (not from the 127.x.x.x range! Best
is to take an IP address from private address space, e.g. 10.10.10.10). In the extended TCP/IP settings, you have to deactivate NetBIOS over TCP/IP and LMHOSTS
lookup on the "WINS" register card.
When the Loopback-Adapter is configured as described, you can tunnel the Samba share to Port 139 of the adapter. Now the share can be connected as network drive from the adapter's IP address. By this, you can have the network share while keeping the file and printer sharing activated.