On 10 November 2016 at 07:51, Vinicius Bones Silva via samba <
samba at lists.samba.org> wrote:
> PROBABLY its a problem with your reverse dns resolution.
>
> From the samba server, if you do a host 172.25.0.12 (change as
> appropriate) does it resolve to a hostname in the .example.com domain? If
> it don't, samba wont know that it's uspposed to block the access.
>
>
>
Hi,
DNS resolution seems to work fine.
[root at server0 ~]# nslookup desktop.example.com
Server: 172.25.0.254
Address: 172.25.0.254#53
Name: desktop.example.com
Address: 172.25.0.100
[root at server0 ~]# nslookup 172.25.0.100
Server: 172.25.0.254
Address: 172.25.0.254#53
100.0.25.172.in-addr.arpa name = desktop.example.com.
Error showed in /var/log/messages while trying to mount share
Nov 10 15:05:34 server0 smbd[3026]: STATUS=daemon 'smbd' finished
starting
up and ready to serve connectionsDenied connection from 172.25.0.100 (172.
25.0.100)
Nov 10 15:06:04 server0 smbd[3028]: STATUS=daemon 'smbd' finished
starting
up and ready to serve connectionsDenied connection from 172.25.0.100
(172.25.0.100)
I also tried by editting /etc/hosts, but same result.
> Em 09/11/2016 19:37, Erick Ocrospoma via samba escreveu:
>
>> Hi everybody,
>>
>>
>> I'm setting up a Samba under RHEL 7.0, just a simple samba server.
But I'm
>> having trouble with blocking access to shares, to be specific with
domain
>> block.
>>
>> I'm using default config in samba.conf, just added the share's
config.
>>
>> While blocking by network range it works. Even when some IPs in the
>> network
>> 172.25.0.X are subdomains of example.com, they are not blocked.
>>
>> Name resolution is done with a DNS server, which works fine. I mean,
each
>> host can do name resolution to other hosts on example.com domain.
>>
>> Here is the samba config:
>>
>> [global]
>> workgroup = TESTGROUP
>> server string = Samba Server Version %v
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> security = user
>> passdb backend = tdbsam
>> load printers = yes
>> cups options = raw
>>
>> [homes]
>> comment = Home Directories
>> browseable = no
>> writable = yes
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> browseable = no
>> guest ok = no
>> writable = no
>> printable = yes
>>
>> [data]
>> comment = DATA share
>> path = /sambadir
>> hosts allow = 172.25.0. .example.com
>> browsable = yes
>> valid users = susan
>>
>> [cluster]
>> comment = CLUSTER share
>> path = /opstack
>> valid users = frankenstein
>>
>>
>>
>> Thanks in advance.
>>
>>
>>
>>
> --
>
>
> Vinicius Silva
> SOC
>
>
> BRA: + 55 51 2117.1000 | 55 11 5521.2021
> USA: + 1 888 259.5801
> vbs at e-trust.com.br
> skype: vinicius.bones.silva
>
>
>
>
>
>
>
>
>
> Smiley face
>
> www.e-trust.com.br <http://www.e-trust.com.br/>
>
>
> Esta mensagem pode conter informações confidenciais ou privilegiadas. Se
> você recebeu esta mensagem por engano, você não deve usar, copiar, divulgar
> ou tomar qualquer atitude com base nestas informações. Solicitamos que você
> apague a mensagem imediatamente e avise a E-TRUST, enviando um e-mail para
> suporte at e-trust.com.br. Opiniões, conclusões ou informações contidas
> nesta mensagem não necessariamente refletem a posição oficial da E-TRUST.
> Caso assinada digitalmente, a autenticidade desta mensagem pode ser
> confirmada pela Autoridade Certificadora Privada E-TRUST, disponível em
> www.e-trust.com.br.
>
> This message may contain privileged and confidential information for the
> use of the intended recipients only. If you are not an intended recipient
> then you should not disseminate, copy, or take any action based on its
> contents. If you have received this message in error then please notify
> E-TRUST by sending an e-mail message to suporte at e-trust.com.br
> immediately. Views and opinions expressed in this message do not
> necessarily reflect the position of E-TRUST. If this message is digitally
> signed, its authenticity can be confirmed by E-TRUST Private Certificate
> Authority, available at www.e-trust.com.br.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
--
Erick.
-------------------------------------------
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567