samba - Jan 2006 - Restrict users with their IPs

Hi All!

On my samba server I`ve got some stuff with require authorization. I create 
needed users for that. These users belong to the same group - private. But 
now I want to restrict them even more - I want to bind them to particular 
IPs. Eg user1 will be able to connect to private share only from user1_IP, 
user2 from user2_IP. How can I do this with samba ?

Here is my private share configuration:

[private]
        comment = [ private stuff ]
        path = /srv/samba/private
        browseable = yes
        guest ok = no
        read only = yes
        valid users = @private
        write list = @private
        force group = private
        hide dot files = yes
        hide unreadable = yes
        create mask = 0660
        directory mask = 0770
        force create mode = 0660
        force directory mode = 0770
        vfs object = audit
        preexec = sh -c 'cat /etc/samba/%S.motd | /usr/bin/smbclient -M %m
-I
%I' &

Thanks
-- 
If you think of MS-DOS as mono, and Windows as stereo,
  then Linux is Dolby Digital and all the music is free...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20060114/bc01dba1/attachment.bin

could you please try the following setup:

in your smb.conf add a line (newline after last command in [private] share)

include = /etc/samba/smb.conf.%U

e.g.

[private]
         comment = [ private stuff ]
         path = /srv/samba/private
         browseable = yes
         guest ok = no
         read only = yes
         valid users = @private
         write list = @private
         force group = private
         hide dot files = yes
         hide unreadable = yes
         create mask = 0660
         directory mask = 0770
         force create mode = 0660
         force directory mode = 0770
         vfs object = audit
         preexec = sh -c 'cat /etc/samba/%S.motd | ...

include = /etc/samba/smb.conf.%U

create (for each user in private group) a file called
/etc/samba/smb.conf.<firstusername> and so on

each file has to contain the following lines (e.g. 
/etc/samba/smb.conf.<firstusername>)

[share]
         hosts deny = 127.0.0.1, 192.168.0. EXCEPT 192.168.0.1

this example asumes, that the pc of "firstuser" has 192.168.0.1

second user gets
         hosts deny = 127.0.0.1, 192.168.0. EXCEPT 192.168.0.2

and so on

if you have trouble, please increase debug level (5)
you should see something like "processing section [private] twice - once 
for smb.conf and once for the included smb.conf.<firstuser>)


greez




Roman Makurin wrote:
> Hi All!
> 
> On my samba server I`ve got some stuff with require authorization. I create
> needed users for that. These users belong to the same group - private. But 
> now I want to restrict them even more - I want to bind them to particular 
> IPs. Eg user1 will be able to connect to private share only from user1_IP, 
> user2 from user2_IP. How can I do this with samba ?
> 
> Here is my private share configuration:
> 
> [private]
>         comment = [ private stuff ]
>         path = /srv/samba/private
>         browseable = yes
>         guest ok = no
>         read only = yes
>         valid users = @private
>         write list = @private
>         force group = private
>         hide dot files = yes
>         hide unreadable = yes
>         create mask = 0660
>         directory mask = 0770
>         force create mode = 0660
>         force directory mode = 0770
>         vfs object = audit
>         preexec = sh -c 'cat /etc/samba/%S.motd | /usr/bin/smbclient -M
%m -I
> %I' &
> 
> Thanks
> 

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137