We have found that a number of users (especially notebook user with Win95) try to change their IP-address to get more permissions when they login to the network. Since we have a database with all of the systems registered and we already automatically build our configuration files when something changing in this database (MySql), we tried to block the unregistered IP number by expanding the hosts allow option in the smb.conf with all the IP number in the database. Original Entry: hosts allow = 195.193.119. localhost changed to include = /usr/local/samba/lib/include/hosts_allow119.smb (all parts of the smb.conf file created by an update in the database have an include line in the smb.conf file, therefor not the smb.conf is updated but the include files are updated) the include file for the hosts allow looks like: hosts allow = 195.193.119.1 \ 195.193.119.10 \ 195.193.119.11 \ . . . . . . . . 195.193.119.201 \ localhost Using this generated an error indicating that the string was to long. We have also tried to put de line hosts allow directly into the smb.conf, but also this generated the same error. We are not using NIS and can not use the netgroup option. We also have tried to replace the C class part of the IP number with an environment variable, but cannot find a variable with this value. How can we overcome this string to long error?
h p. why u're not using a combination between hosts allow and hosts deny also use bind interfaces... P. Bruggink schrieb:> We have found that a number of users (especially notebook user with > Win95) try to change their IP-address to get more permissions when they > login to the network. Since we have a database with all of the systemsi cannot follow: how do they get *more* permissions on samba? are u not using 'security=user || security=domain' ? also, maybe there's a possibility with DHCP to prevent this?> registered and we already automatically build our configuration files > when something changing in this database (MySql), we tried to block the > unregistered IP number by expanding the hosts allow option in the > smb.conf with all the IP number in the database.maybe i cannot follow u. but why u try to block ip's dynamically with samba. (a.f.a.i.k. u have to restart samba to make effect hosts allow) why u're not simply using iptables or ipchains? i think, thats the best way...> > Original Entry: > > hosts allow = 195.193.119. localhost > > changed to > > include = /usr/local/samba/lib/include/hosts_allow119.smb > > (all parts of the smb.conf file created by an update in the database > have an include line in the smb.conf file, therefor not the smb.conf is > updated but the include files are updated) > > the include file for the hosts allow looks like: > > hosts allow = 195.193.119.1 \ > 195.193.119.10 \ > 195.193.119.11 \ > . > . > . > . > . > . > . > . > 195.193.119.201 \ > localhost > > Using this generated an error indicating that the string was to long. We > have also tried to put de line hosts allow directly into the smb.conf, > but also this generated the same error. We are not using NIS and can not > use the netgroup option. > We also have tried to replace the C class part of the IP number with an > environment variable, but cannot find a variable with this value. > > How can we overcome this string to long error?maybe with "hosts deny" that will be less adresses... i hope it helpes, let me know gk> > >
Poos Krisztian
2003-Sep-10 12:02 UTC
[Samba] one user from only one workstation at the same time
Hi, I have a problem, I cannot set the samba as it allows users to log on only from one workstation at the same time. Anyone can tell me please how can i solve this problem with samba. The system is Debian GNU Linux woody, samba's version is: 2.2.3a-12.3 The samba is working as PDC well, i only need this option. Thank you in advance. -[Rocky]---[ Poos Krisztian ]---[ Linux / Debian 2.2 ]---[ F-S-F ]- -------[ Email : rocky@mail.modultechnika.hu ]------- ----[ www : http://rocky.modultechnika.hu ]---- ----[ ICQ uin# : 33461141 ]----