samba - Jan 2009 - "Hosts allow" directive is not correctly evaluated for printer shares

Hello,

the access to printer shares is denied because the client IP address is
allegedly not in the "hosts allow" list, although it actually is and
access to normal shares perfectly works.

I have two samba servers (3.0.33) in two different subnets with pure
Windows-XP-Clients. The first subnet is 192.168.1.0/24 and the server's ip
address is 192.168.1.1. Let's call this server A for short. The second
subnet is 192.168.2.0/24 and the server's ip address is 192.168.2.1. (Server
B). Routing between both subnets works perfectly and server A is configured as a
WINS server. Server B and all clients use this WINS server. Cross subnet
browsing works, too. All hosts from both subnets are supposed to be allowed to
access shares on both servers. For normal "file" shares it works.

If a client tries to print to a printer share on the Samba server in the same
subnet, access to this printer share is permitted, too. But if a client tries to
print to a printer share on the Samba server of the other subnet, access is
denied. Allegedly the ip address is not in the "hosts allow"
directive. But why? In the example below a client from the first subnet with the
ip address 192.168.1.244, tries to print to server B (192.168.2.1).

Snippets from my smb.conf of client B:

interfaces = 192.168.2.1 127.0.0.1
hosts allow = 192.168.2.0/24 192.168.4.0/24 192.168.1.0/24 127.0.0.0/8
bind interfaces only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

name resolve order = host wins
wins support = no
wins server = 192.168.1.1

printcap name = cups
load printers = yes
printing = cups

[printers]
comment = Alle Drucker
path = /var/spool/samba
browseable = no
writable = no
printable = yes

[print$]
comment = Druckertreiber
path = /var/lib/samba/printers
browseable = yes

These two log message appear, if the client tries to connect to the printer.
Oddly, access it permitted first and then denied in the same moment:

[2009/01/20 18:40:19, 2] lib/access.c:check_access(323)
   Allowed connection from  (192.168.1.244)
[2009/01/20 18:40:19, 0] lib/access.c:check_access(327)
   Denied connection from  (192.168.1.244)

If I comment out the "allow hosts" directive, the problem stays the
same. Something that is even more strange. Any ideas?

Matthias

_______________________________________________________________________
Sensationsangebot verl?ngert: WEB.DE FreeDSL - Telefonanschluss + DSL
f?r nur 16,37 Euro/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K15039B7069a

On Tue, Jan 20, 2009 at 07:39:25PM +0100, Matthias Nagel
wrote:
> 
> These two log message appear, if the client tries to connect to the
printer. Oddly, access it permitted first and then denied in the same moment:
> 
> [2009/01/20 18:40:19, 2] lib/access.c:check_access(323)
>    Allowed connection from  (192.168.1.244)
> [2009/01/20 18:40:19, 0] lib/access.c:check_access(327)
>    Denied connection from  (192.168.1.244)
> 
> If I comment out the "allow hosts" directive, the problem stays
the same. Something that is even more strange. Any ideas?
Send in a full debug level 10 log from smbd so we can see exactly
what is going on here.

Thanks,

Jeremy.