I've got an interesting little set-up that I can't figure out. I'm hoping someone here knows what I need to do. Basically, I need to be able to restrict home directories by interfaces. Here are the details: My samba box NFS mounts /export/home from a Sun box onto /home. My samba box has multiple interfaces (virtual LANS, but we can think of them as separate NICs (at least I do!)). Let's say I've got two vlans, 192.168.1.0/24 and 192.168.2.0/24. If I set up the /home shares as separate shares, I can restrict access based on interfaces. The problem with this is that the people on the .1 network can see (but not access) the shares on the .2 network. If I set up the /home shares as [homes], the user will see only their share. But this has the following problem: A user from network .2 can logon to the .1 network and see his share. This is not a Good Thing since the neworks are owned by two different companies. So, in a nutshell, I need to one samba server to have shares that are invisible on one network but browseable on another *and* to restrict access of [homes] directory by network. Any ideas? Any one? Any one? Bueller? ====Sincerely, Faber Fedor LinuxNJ.com - Linux and Open Source solutions for New Jersey http://www.linuxnj.com __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
I forgot to mention that the Samba server is running Red Hat Linux 6.2 and the clients are Win98 and higher. TIA! --- Faber Fedor <faberfedor@yahoo.com> wrote:> I've got an interesting little set-up that I can't figure out. I'm hoping > someone here knows what I need to do. Basically, I need to be able to > restrict > home directories by interfaces. Here are the details: > > My samba box NFS mounts /export/home from a Sun box onto /home. My samba box > has multiple interfaces (virtual LANS, but we can think of them as separate > NICs (at least I do!)). Let's say I've got two vlans, 192.168.1.0/24 and > 192.168.2.0/24. > > If I set up the /home shares as separate shares, I can restrict access based > on > interfaces. The problem with this is that the people on the .1 network can > see > (but not access) the shares on the .2 network. > > If I set up the /home shares as [homes], the user will see only their share. > But this has the following problem: A user from network .2 can logon to the > .1 > network and see his share. This is not a Good Thing since the neworks are > owned by two different companies. > > So, in a nutshell, I need to one samba server to have shares that are > invisible > on one network but browseable on another *and* to restrict access of [homes] > directory by network. > > Any ideas? Any one? Any one? Bueller? > > > > ====> Sincerely, > > Faber Fedor > LinuxNJ.com - Linux and Open Source solutions for New Jersey > > http://www.linuxnj.com > > __________________________________________________ > Do You Yahoo!? > Yahoo! Shopping - Thousands of Stores. Millions of Products. > http://shopping.yahoo.com/ >====Sincerely, Faber Fedor LinuxNJ.com - Linux and Open Source solutions for New Jersey http://www.linuxnj.com __________________________________________________ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
Faber Fedor wrote:> > I've got an interesting little set-up that I can't figure out. I'm hoping > someone here knows what I need to do. Basically, I need to be able to restrict > home directories by interfaces. Here are the details: > > My samba box NFS mounts /export/home from a Sun box onto /home. My samba box > has multiple interfaces (virtual LANS, but we can think of them as separate > NICs (at least I do!)). Let's say I've got two vlans, 192.168.1.0/24 and > 192.168.2.0/24. > > If I set up the /home shares as separate shares, I can restrict access based on > interfaces. The problem with this is that the people on the .1 network can see > (but not access) the shares on the .2 network. > > If I set up the /home shares as [homes], the user will see only their share. > But this has the following problem: A user from network .2 can logon to the .1 > network and see his share. This is not a Good Thing since the neworks are > owned by two different companies. > > So, in a nutshell, I need to one samba server to have shares that are invisible > on one network but browseable on another *and* to restrict access of [homes] > directory by network. > > Any ideas? Any one? Any one? Bueller? > > ====> Sincerely, > > Faber Fedor >Look into the "include" directive with a couple variables. I'd have different [homes] based on primary group if possible. I've played around with it a little while, and you can do some really nice things with it. Although I'm not sure where the %g and %G are defined during login. HTH Mike