Matthias Nagel
2009-Jan-20 19:09 UTC
[Samba] "Hosts allow" directive is not correctly evaluated for printer shares
Hello, the access to printer shares is denied because the client IP address is allegedly not in the "hosts allow" list, although it actually is and access to normal shares perfectly works. I have two samba servers (3.0.33) in two different subnets with pure Windows-XP-Clients. The first subnet is 192.168.1.0/24 and the server's ip address is 192.168.1.1. Let's call this server A for short. The second subnet is 192.168.2.0/24 and the server's ip address is 192.168.2.1. (Server B). Routing between both subnets works perfectly and server A is configured as a WINS server. Server B and all clients use this WINS server. Cross subnet browsing works, too. All hosts from both subnets are supposed to be allowed to access shares on both servers. For normal "file" shares it works. If a client tries to print to a printer share on the Samba server in the same subnet, access to this printer share is permitted, too. But if a client tries to print to a printer share on the Samba server of the other subnet, access is denied. Allegedly the ip address is not in the "hosts allow" directive. But why? In the example below a client from the first subnet with the ip address 192.168.1.244, tries to print to server B (192.168.2.1). Snippets from my smb.conf of client B: interfaces = 192.168.2.1 127.0.0.1 hosts allow = 192.168.2.0/24 192.168.4.0/24 192.168.1.0/24 127.0.0.0/8 bind interfaces only = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = host wins wins support = no wins server = 192.168.1.1 printcap name = cups load printers = yes printing = cups [printers] comment = Alle Drucker path = /var/spool/samba browseable = no writable = no printable = yes [print$] comment = Druckertreiber path = /var/lib/samba/printers browseable = yes These two log message appear, if the client tries to connect to the printer. Oddly, access it permitted first and then denied in the same moment: [2009/01/20 18:40:19, 2] lib/access.c:check_access(323) Allowed connection from (192.168.1.244) [2009/01/20 18:40:19, 0] lib/access.c:check_access(327) Denied connection from (192.168.1.244) If I comment out the "allow hosts" directive, the problem stays the same. Something that is even more strange. Any ideas? Matthias _______________________________________________________________________ Sensationsangebot verl?ngert: WEB.DE FreeDSL - Telefonanschluss + DSL f?r nur 16,37 Euro/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K15039B7069a
Jeremy Allison
2009-Jan-20 22:26 UTC
[Samba] "Hosts allow" directive is not correctly evaluated for printer shares
On Tue, Jan 20, 2009 at 07:39:25PM +0100, Matthias Nagel wrote:> > These two log message appear, if the client tries to connect to the printer. Oddly, access it permitted first and then denied in the same moment: > > [2009/01/20 18:40:19, 2] lib/access.c:check_access(323) > Allowed connection from (192.168.1.244) > [2009/01/20 18:40:19, 0] lib/access.c:check_access(327) > Denied connection from (192.168.1.244) > > If I comment out the "allow hosts" directive, the problem stays the same. Something that is even more strange. Any ideas?Send in a full debug level 10 log from smbd so we can see exactly what is going on here. Thanks, Jeremy.