-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If you are going to use "hosts allow" or "hosts deny", reverse DNS lookups must work on the server for any client connecting. You may want to run a caching and local DNS server. Otherwise, you might prefer to not use hosts allow and hosts deny, but set up a firewall instead. Regards, Buchan | Message: 17 | Date: Tue, 23 Apr 2002 17:01:18 -0500 | From: John Schmerold <john@katy.com> | To: samba@lists.samba.org | Subject: [Samba] Internet goes down. Samba dies | | Had a client's internet connection go down. | | No one could log into Samba 2.2.3a running on top of RH 7.2 | | I have following hosts lines in smb.conf: | hosts allow = 192.168.1. katyfax nick ap kh vp bg katy john-nt john-98 | hosts deny = all | | In /etc/hosts, I define: | katyfax, nick, ap, kh, vp, bg, katy, john-nt, john-98 | | | Ideas anybody? | | TIA | | | - -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE8xmqYrJK6UGDSBKcRAqzUAJ49n+cV2ojakp8SePhOzYIyYIUWgACbBH+E AxQi+eusBYfnoJmGXdoHCyI=xWW1 -----END PGP SIGNATURE-----
If we specify ip addresses, instead of host names will this remove DNS server requirements? We're running a firewall on this machine, however, I like to keep all SAMBA security in one place. BTW, I know we didn't have this issue with older installs as we've been using this technique for some time, however I believe this is first time we used hostnames & depended on the hosts file. ----- Original Message ----- From: "Buchan Milne" <bgmilne@cae.co.za> To: "John Schmerold" <john@katy.com> Cc: <samba@lists.samba.org> Sent: Wednesday, April 24, 2002 3:19 AM Subject: Re: [Samba] Internet goes down. Samba dies> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If you are going to use "hosts allow" or "hosts deny", reverse DNS > lookups must work on the server for any client connecting. You may want > to run a caching and local DNS server. > > Otherwise, you might prefer to not use hosts allow and hosts deny, but > set up a firewall instead. > > Regards, > Buchan > > | Message: 17 > | Date: Tue, 23 Apr 2002 17:01:18 -0500 > | From: John Schmerold <john@katy.com> > | To: samba@lists.samba.org > | Subject: [Samba] Internet goes down. Samba dies > | > | Had a client's internet connection go down. > | > | No one could log into Samba 2.2.3a running on top of RH 7.2 > | > | I have following hosts lines in smb.conf: > | hosts allow = 192.168.1. katyfax nick ap kh vp bg katy john-nt john-98 > | hosts deny = all > | > | In /etc/hosts, I define: > | katyfax, nick, ap, kh, vp, bg, katy, john-nt, john-98 > | > | > | Ideas anybody? > | > | TIA > | > | > | > > > - -- > |----------------Registered Linux User #182071-----------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 > Stellenbosch Automotive Engineering http://www.cae.co.za > GPG Key http://ranger.dnsalias.com/bgmilne.asc > 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE8xmqYrJK6UGDSBKcRAqzUAJ49n+cV2ojakp8SePhOzYIyYIUWgACbBH+E > AxQi+eusBYfnoJmGXdoHCyI> =xWW1 > -----END PGP SIGNATURE----- > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
I have the same problem and I only use IP addresses in my Host Allow/Deny. Strange thing is when Internet access is lost one samba server is still reachable the other is not. I have not been able to find the difference between the two. Both have almost identical global configs (Hosts Allow/Deny). Luckily our connectivity is quite reliable. Hope to hear some other possible solutions. Thanks!> Date: Wed, 24 Apr 2002 07:40:28 -0500 > From: John Schmerold <John@katy.com> > Subject: Re: [Samba] Internet goes down. Samba dies > To: samba@lists.samba.org > > If we specify ip addresses, instead of host names will this remove DNS > server requirements? > > We're running a firewall on this machine, however, I like to keep allSAMBA> security in one place. > > BTW, I know we didn't have this issue with older installs as we've been > using this technique for some time, however I believe this is first timewe> used hostnames & depended on the hosts file. > > > ----- Original Message ----- > From: "Buchan Milne" <bgmilne@cae.co.za> > To: "John Schmerold" <john@katy.com> > Cc: <samba@lists.samba.org> > Sent: Wednesday, April 24, 2002 3:19 AM > Subject: Re: [Samba] Internet goes down. Samba dies > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > If you are going to use "hosts allow" or "hosts deny", reverse DNS > > lookups must work on the server for any client connecting. You may want > > to run a caching and local DNS server. > > > > Otherwise, you might prefer to not use hosts allow and hosts deny, but > > set up a firewall instead. > > > > Regards, > > Buchan > >
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remember, I am talking about reverse name lookups, meaning where samba has the IP address, but is looking up the name (as opposed to forward lookups which find an IP address for a given name). I haven't tried to setup reverse lookups with hosts files (I don't know if it would work, and I have no way of testing it, since we have working dynamic dns). So, either a)Set up DNS. There are other advantages to this (for example, ssh might give you a login prompt faster). Using dynamic DNS, ie DHCP which updates DNS records, (although a bit of trouble) will make your life easier. b)Don't use hosts allow or hosts deny c)Find some other way of ensuring samba can do reverse lookups. Maybe nss_wins can do this, but that doesn't help you on the machine that is the WINS server. I stumped my head against this one about 6 months ago (with a client's network), and I chose to setup a firewall, and not use hosts allow/hosts deny. I have since setup dynamic dns, which solved this the other way. Buchan | Message: 17 | From: "Mike Maki" <mmaki@adelphia.net> | To: <samba@lists.samba.org> | Subject: Re: [Samba] Internet goes down. Samba dies | Date: Wed, 24 Apr 2002 09:34:18 -0700 | | I have the same problem and I only use IP addresses in my Host Allow/Deny. | Strange thing is when Internet access is lost one samba server is still | reachable the other is not. I have not been able to find the difference | between the two. Both have almost identical global configs (Hosts | Allow/Deny). Luckily our connectivity is quite reliable. Hope to hear some | other possible solutions. | | Thanks! | |> Date: Wed, 24 Apr 2002 07:40:28 -0500 |> From: "John Schmerold" <john@katy.com> |> Subject: Re: [Samba] Internet goes down. Samba dies |> To: samba@lists.samba.org |> |> If we specify ip addresses, instead of host names will this remove DNS |> server requirements? |> |> We're running a firewall on this machine, however, I like to keep all | | SAMBA | |> security in one place. |> |> BTW, I know we didn't have this issue with older installs as we've been |> using this technique for some time, however I believe this is first time | | we | |> used hostnames & depended on the hosts file. |> |> |> ----- Original Message ----- |> From: "Buchan Milne" <bgmilne@cae.co.za> |> To: "John Schmerold" <john@katy.com> |> Cc: <samba@lists.samba.org> |> Sent: Wednesday, April 24, 2002 3:19 AM |> Subject: Re: [Samba] Internet goes down. Samba dies |> |> | |> > -----BEGIN PGP SIGNED MESSAGE----- |> > Hash: SHA1 |> > |> > If you are going to use "hosts allow" or "hosts deny", reverse DNS |> > lookups must work on the server for any client connecting. You may want |> > to run a caching and local DNS server. |> > |> > Otherwise, you might prefer to not use hosts allow and hosts deny, but |> > set up a firewall instead. |> > |> > Regards, |> > Buchan |> > | | | | | - -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE8x8MerJK6UGDSBKcRAojzAJ0REoxB7YrhM/V8+zcVDhuWxFS52ACdFX3h aciZ5hak11EKVE0MIbSqKOw=CpB6 -----END PGP SIGNATURE-----