Hi all,

I would like to do something like this at Samba level:

    hosts allow = subnet1/mask1 subnet2/mask2 etc
    hosts deny = *

But this doesn't seem to work (machines that are not in subnet1 and
not in subnet2 still have access).

I think the * is not understood by Samba, I tried ALL, this didn't
work either. I'm gonna check the samba source code but if I could
get an expert answer that'd be nice =)

Any idea?

Ben.

--
Benoit Boudeville               | CANAL+ Technologies
Computer System Engineer        | 34, place Raoul Dautry
mailto:bboudev@canal-plus.fr    | 75516 Paris Cedex 15
Tel: 01.71.71.55.83             | Fax: 01.71.71.55.77

Ben,

On Thu, 24 Aug 2000 12:09:54 +0200, dqpr10@canal-plus.fr wrote:

>I would like to do something like this at Samba level:
>
>    hosts allow = subnet1/mask1 subnet2/mask2 etc
>    hosts deny = *
>
>But this doesn't seem to work (machine that are not in subnet1 and
>not in subnet2 still have access)

Try "hosts deny 0.0.0.0/0 EXCEPT subnet1/mask1 subnet2/mask2".

Regards,
Robert

--
Robert.Dahlem@gmx.net
Fax +49-69-432647

On Thu, 24 Aug 2000 dqpr10@canal-plus.fr wrote:

> I would like to do something like this at Samba level:
>
>     hosts allow = subnet1/mask1 subnet2/mask2 etc
>     hosts deny = *
>
> But this doesn't seem to work (machine that are not in subnet1 and
> not in subnet2 still have access)
>
> I think the * is not understood by Samba, I tried ALL, this didn't
> work either. I'm gonna check the samba source code but if I could
> get an expert answer that'd be nice =)

I don't think that you need the "hosts deny" line - Samba starts off
willing to talk to any host, but once you have specified a "hosts allow"
list then anything not specifically permitted is forbidden.

Remove the "hosts deny" line, restart Samba and retest. If it doesn't do
what you expect then there is something wrong with your "hosts allow"
line.

Regards,
--
Neil Hoggarth                           Departmental Computer Officer
<neil.hoggarth@physiol.ox.ac.uk>        Laboratory of Physiology
http://www.physiol.ox.ac.uk/~njh/       University of Oxford, UK
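
Added example, not part of the thread and not Samba's own code: a small Python model for checking which client addresses the two configurations suggested in the replies would admit, useful when an allow line "doesn't do what you expect". It assumes only address/mask entries and the EXCEPT keyword, that an allow-only list refuses everything unlisted (as the last reply describes) and that a deny-only list refuses exactly what it matches; the subnets and client addresses are constructed.

```python
import ipaddress

# Constructed sample values (documentation address ranges), standing in
# for "subnet1/mask1 subnet2/mask2" from the thread.
ALLOW = "192.0.2.0/255.255.255.0 198.51.100.0/255.255.255.128"
DENY = "0.0.0.0/0 EXCEPT " + ALLOW
CLIENTS = ["192.0.2.17", "198.51.100.100", "198.51.100.200", "203.0.113.5"]


def _nets(tokens):
    # strict=False tolerates entries written with host bits set.
    return [ipaddress.ip_network(t, strict=False) for t in tokens]


def list_match(value, client):
    """True if client matches a list of the form 'a/m b/m [EXCEPT c/m ...]'."""
    tokens = value.replace(",", " ").split()
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        listed, excepted = tokens[:i], tokens[i + 1:]
    else:
        listed, excepted = tokens, []
    ip = ipaddress.ip_address(client)
    hit = any(ip in n for n in _nets(listed))
    return hit and not any(ip in n for n in _nets(excepted))


def allow_only(hosts_allow, client):
    """Assumed model: only 'hosts allow' is set, unlisted hosts are refused."""
    return list_match(hosts_allow, client)


def deny_only(hosts_deny, client):
    """Assumed model: only 'hosts deny' is set, matching hosts are refused."""
    return not list_match(hosts_deny, client)


def compare(clients=CLIENTS):
    """Return {client: (allow_only result, deny_only result)}."""
    return {c: (allow_only(ALLOW, c), deny_only(DENY, c)) for c in clients}


if __name__ == "__main__":
    for client, (a, d) in compare().items():
        print(f"{client:16} allow-only={a!s:5} deny-EXCEPT={d!s:5}")
```

A mismatch between the two columns, or an unexpected True, points at the list entry to re-check before retesting against the server.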