How to access Samba share from Gnome Boxes Virtual Machine

Problem summary

1. Samba shares mounted on my Fedora 40 host machine do not seem to be accessible from my Boxes Windows 7 Guest.
2. They are accessible from other Windows machines on my network.

I am avoiding links in this post as this is my first post, but am happy to post them on request.

Any help you are able to give would be much appreciated.

What I did and what happened

1. In F40 host created Boxes Win 7 guest virtual machine from Virtual Box .vdi file, using Boxes add function and choosing to add from image file. Worked fine.
2. Installed Spice guest tools, inc Webdav shared folders. Guest tools worked fine. Webdav shared folders proved limited for my uses - sharing very large files and directories did not work.
3. So installed Samba in F40 host from command line, and edited config file to create shared folder. Also added my account as Samba user.
4. Checked my hostname with hostname from command line ‘mx.localdomain’. (The mx is a bit wierd probably come from the .vdi file being created under mx linux?)
5. Checked this was accessible from other Windows (11) machines on my home network, it was, on address ‘\mx.localdomain\datapart1’.
6. Tried to access share from guest using same address. ‘Windows cannot access \mx.localdomain\datapart1’ (code: 0x80004005, unknown error).
7. Ran ipconfig to find ip address of guest, found 192.168.124.4. So guessed VM had set up virtual network 192.168.24.x and tried \192.168.124.2/3\datapart1.Same error.

What I tried to fix it

1. Assumed Boxes had created virtual NAT mode network. Felt best solution probably to change network to fully bridged mode, so the VM would b a first class member of my home network and I could gain access from/to it, and manage it accordingly.
2. Installed Virtual Machine Manager to give more control than Boxes over network settings
3. Opened QEMU/KVM user session and was able to run my Win 7 Boxes VM, called ‘w7ox32’
4. Hoped that in QEMU/KVM User Session - Connection Details window, Virtual Networks tab the connection used by the VM would be displayed and I could change the mode to bridged (as I have before using VMware).
5. But no connection showed, though checking the W7ox32 on QEMU/KVM User Session/View/Details/NICs information the VM seemed to be using the /etc/libvirt/qemu/networks/default.xml settings.
6. Noted warning about direct editing of this file, and Red Hat documentation seeming to suggest only two network modes ‘routed’ and ‘nat’ were valid for this file, fully bridged mode requiring other changes (?to a domain file?) and thought I had better take advice
7. Tried a few other things suggested from posts on the web, including checking that a bridge existed and was enabled, but no luck with them either. Can post details on request)

System Details

1. Software: Fedora 40 Gnome default interface, last updated about 1 week ago, running from USB. Added BTRFS assistant, Samba, Gparted, Bridge-utils, Virtual Machine Manager
2. Computer: Dell 8300 3.4 Ghz with 16G RAM, several hard disks and some resources (inc some VMs) on USB (v2.x)s.
3. Network. Unifi wireless and wired/homeplug-based. Unifi so/ho Router and network management software. DHCP: 192.168.1.x/24.

When using the default virtual network:

sudo firewall-cmd --permanent --zone=libvirt --add-service=samba
sudo firewall-cmd --reload

When using the shared host bridge:

sudo firewall-cmd --permanent --add-forward
sudo firewall-cmd --permanent --add-service=samba
sudo firewall-cmd --reload 

See also: How to create a Samba share :: Fedora Docs

Added gnome-boxes, libvirt, networking, samba

Added howto-candidate

Thanks very much for your reply. I did run these commands:

sudo firewall-cmd --permanent --zone=libvirt --add-service=samba
sudo firewall-cmd --reload

But I did not, to my knowledge change any zone settings. What do you suggest?

Check the output:

virsh list --all
virsh dumpxml win7 --xpath //interface
systemctl status smb.service
sudo testparm -s
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --info-zone=libvirt
sudo firewall-cmd --info-zone=FedoraWorkstation

Many thanks for the quick reply. OK will run those commands and post results.

May be some clue in the fact that the Samba share works from other (non-virtual) machines on the LAN?

Blockquote
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --info-zone=libvirt
virsh dumpxml w7ox32 --xpath //interface
systemctl status smb.service
sudo testparm -s

Here is the output of those commands:

root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --get-active-zones
FedoraWorkstation (default)
  interfaces: wlp1s0b1 enp2s0
libvirt
  interfaces: virbr0
root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --info-zone=libvirt
libvirt (active)
  target: ACCEPT
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: virbr0
  sources: 
  services: dhcp dhcpv6 dns ssh tftp
  ports: 
  protocols: icmp ipv6-icmp
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule priority="32767" reject
root@mx:/etc/libvirt/qemu/autostart# virsh dumpxml w7ox32 --xpath //interface
error: failed to get domain 'w7ox32'

root@mx:/etc/libvirt/qemu/autostart# systemctl status smb.service
● smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; preset: disa>
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Mon 2024-07-22 14:00:07 BST; 23h ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
   Main PID: 1300 (smbd)
     Status: "smbd: ready to serve connections..."
      Tasks: 3 (limit: 18958)
     Memory: 18.1M (peak: 41.4M swap: 3.2M swap peak: 3.3M)
        CPU: 920ms
     CGroup: /system.slice/smb.service
             ├─1300 /usr/sbin/smbd --foreground --no-process-group
             ├─1396 /usr/sbin/smbd --foreground --no-process-group
             └─1397 /usr/sbin/smbd --foreground --no-process-group

Jul 23 11:20:01 mx.localdomain smbd[38532]: [2024/07/23 11:20:01.325392,  0] ..>
Jul 23 11:20:01 mx.localdomain smbd[38532]:   make_connection_snum: canonicaliz>
Jul 23 11:20:01 mx.localdomain smbd[38532]: [2024/07/23 11:20:01.334211,  0] ..>
Jul 23 11:20:01 mx.localdomain smbd[38532]:   make_connection_snum: canonicaliz>
Jul 23 11:20:01 mx.localdomain smbd[38532]: [2024/07/23 11:20:01.340870,  0] ..>
Jul 23 11:20:01 mx.localdomain smbd[38532]:   make_connection_snum: canonicaliz>
Jul 23 11:20:01 mx.localdomain smbd[38532]: [2024/07/23 11:20:01.345447,  0] ..>
Jul 23 11:20:01 mx.localdomain smbd[38532]:   make_connection_snum: canonicaliz>
Jul 23 11:20:01 mx.localdomain smbd[38532]: [2024/07/23 11:20:01.351887,  0] ..>
Jul 23 11:20:01 mx.localdomain smbd[38532]:   make_connection_snum: canonicaliz>
root@mx:/etc/libvirt/qemu/autostart# sudo testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)

Server role: ROLE_STANDALONE

# Global parameters
[global]
	printcap name = cups
	security = USER
	wins support = Yes
	idmap config * : backend = tdb
	cups options = raw
	include = /etc/samba/usershares.conf


[homes]
	browseable = No
	comment = Home Directories
	inherit acls = Yes
	read only = No
	valid users = %S %D%w%S


[printers]
	browseable = No
	comment = All Printers
	create mask = 0600
	path = /var/tmp
	printable = Yes


[print$]
	comment = Printer Drivers
	create mask = 0664
	directory mask = 0775
	force group = @printadmin
	path = /var/lib/samba/drivers
	write list = @printadmin root


[datapart1]
	comment = DriveD
	create mask = 0644
	path = /run/media/mike/DATAPART1
	read only = No
	valid users = mike

From you previous post I am sorry but I am not sure what a ‘shared host bridge’ is. Should I run these command or should I check for it first?

Output from:

Blockquote

sudo firewall-cmd --permanent --zone=libvirt --add-service=samba
sudo firewall-cmd --permanent --add-forward
sudo firewall-cmd --reload
sudo firewall-cmd --info-zone=libvirt
sudo firewall-cmd --info-zone=FedoraWorkstation
virsh dumpxml w7ox32 --xpath //interface

Here it is:

root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --permanent --zone=libvirt --add-service=samba
success
root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --permanent --add-forward
success
root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --reload
success
root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --info-zone=libvirt
libvirt (active)
  target: ACCEPT
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: virbr0
  sources: 
  services: dhcp dhcpv6 dns samba ssh tftp
  ports: 
  protocols: icmp ipv6-icmp
  forward: no
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule priority="32767" reject
root@mx:/etc/libvirt/qemu/autostart# sudo firewall-cmd --info-zone=FedoraWorkstation
FedoraWorkstation (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: enp2s0 wlp1s0b1
  sources: 
  services: dhcpv6-client mdns samba samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
root@mx:/etc/libvirt/qemu/autostart# virsh dumpxml w7ox32 --xpath //interface
error: failed to get domain 'w7ox32'

root@mx:/etc/libvirt/qemu/autostart# 

Is it maybe relevant that the hostname in Windows 7 is ‘Mike-VM’ not ‘w7ox32’? ‘w7ox32’ is the name I gave to the VM in Boxes.

Also I am wondering whether in allowing Samba in the FW, I may not have specifically allowed the zone you mention… If so my mistake, sorry.

Many thanks again. Mouse

Ah silly me, did not notice the ‘#’, apologies. Output from:

virsh list --all
virsh dumpxml w7ox32 --xpath //interface
virsh dumpxml win7 --xpath //interface

Here it is:

mike@mx:/etc$ virsh list --all
 Id   Name   State
----------------------
 4    win7   running

mike@mx:/etc$ virsh dumpxml w7ox32 --xpath //interface
error: failed to get domain 'w7ox32'

mike@mx:/etc$ virsh dumpxml win7 --xpath //interface
<interface type="bridge">
  <mac address="52:54:00:27:42:7f"/>
  <source bridge="virbr0"/>
  <target dev="tap0"/>
  <model type="rtl8139"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x02" slot="0x01" function="0x0"/>
</interface>

mike@mx:/etc$ 

The firewall configuration now looks correct.
Check if the problem with Samba is still relevant.

Thanks very much progress I think. Still cannot access, but in the guest the Windows Explorer error has changed to 0x80070043. “The network name cannot be found”

Bit wierd as it can be found by other physical Windows computers on the network!

Ah it’s ok with the mx.localdomain, and shows the datapart1 share, together with a home share. But it cannot access the datapart1 share, though that share is accessible from a physical (Windows 11) computer on the network.

[Edit]. OK, solved the rest myself - I had not mounted the share today. It was mounted when I tested from the other computer yesterday. Now I have access thanks very much indeed.

BTW is it easy to put this VM in totally bridged mode? So it gets it’s IP from my router and is a full member of the wider network. That would be preferrable if easy to achieve, but not essential.

This deserves a separate topic to discuss in detail.

OK I will post one later.

Thank you very much for all your help with this, which is much appreciated.

Have you marked the appropriate solution post? If not, which post should I mark?

Kind regards and many thanks again. Mouse.

The howto documentation is a bit scattered, but the short version is that you create a bridge device using for example nm-connection-editor and attach your physical ethernet device to that bridge.

Then you can create the bridge connection in the client configuration.

Screenshot_2024-07-23_17-57-34691×439 41 KB

@ Villy. Thanks very much Villy. I’ll create a separate topic tomorrow and refer to your very useful post in it if I may.

@ Vladislav. Just to say that I have checked and the business problems I was trying to resolve - no large directory/file access using Webdav shared folders, and difficulty in controlling drive mappings - are fuly resolved using the Samba networking your help allowed me to implement. So you have resolved a major headache for me, thank you very much indeed.