On 10 November 2016 at 15:37, Linda W <samba at tlinx.org> wrote:

> Erick Ocrospoma via samba wrote:
>
>> On 10 November 2016 at 07:51, Vinicius Bones Silva via samba <
>> samba at lists.samba.org> wrote:
>>
>>> PROBABLY it's a problem with your reverse dns resolution.
>>
>> Hi,
>>
>> DNS resolution seems to work fine.
>
> ----
> Vinicius didn't ask about DNS resolution, exactly, but
> *reverse* DNS resolution -- i.e. looking up a name from an address.
>
> At best, nslookup is the wrong tool:
>
>> [root at server0 ~]# nslookup 172.25.0.100
>> Server: 172.25.0.254
>> Address: 172.25.0.254#53
>
> ---
> as the above shows: not only does nslookup on the ip not
> return the name, but it returns the IP for a different machine!

That's the DNS server IP.

> If you have 'dig', the "-x" option should do the trick.
>
> dig -x 172.25.0.100

[root at server0 ~]# dig -x 172.25.0.100

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -x 172.25.0.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57067
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;100.0.25.172.in-addr.arpa. IN PTR

;; ANSWER SECTION:
100.0.25.172.in-addr.arpa. 86400 IN PTR desktop.example.com.

;; AUTHORITY SECTION:
25.172.in-addr.arpa. 86400 IN NS classroom.example.com.

;; ADDITIONAL SECTION:
classroom.example.com. 86400 IN A 172.25.254.254

;; Query time: 0 msec
;; SERVER: 172.25.0.254#53(172.25.0.254)
;; WHEN: Thu Nov 10 15:48:12 EST 2016
;; MSG SIZE rcvd: 127

> If you want to not take a cached answer (as the dig, above does),
> you can specify a server or trace from the root:
>
> dig @dns-server1 -x IPaddr
> dig @dns-server2 -x IPaddr
>
> or tracing:
>
> dig +trace -x IPaddr
>
> Cheers,
> -l

--
Erick.
-------------------------------------------
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567

Erick Ocrospoma wrote:

> > [root at server0 ~]# nslookup 172.25.0.100
> > Server: 172.25.0.254
> > Address: 172.25.0.254#53
> >
> > ---
> > as the above shows: not only does nslookup on the ip not
> > return the name, but it returns the IP for a different machine!
>
> That's the DNS server IP.

---
I figured as much... still not what you want though...;-)

> > If you have 'dig', the "-x" option should do the trick.
> > dig -x 172.25.0.100
>
> [root at server0 ~]# dig -x 172.25.0.100
>
> ;; QUESTION SECTION:
> ;100.0.25.172.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 100.0.25.172.in-addr.arpa. 86400 IN PTR desktop.example.com.

---
Is that the answer you expected?
I wasn't sure what you were trying to do, since your subject
said you were trying to block hosts by domain, whereas your
smb.conf file only seemed to have a "hosts allow":

    hosts allow = 172.25.0. .example.com

...that would only work for a user named 'susan' who has validated
against the server. I.e. When you go to map 'data' to a drive,
I believe you would need to 'connect using different credentials',
and enter susan's creds in the dialog.

On 10 November 2016 at 16:14, L A Walsh <samba at tlinx.org> wrote:

> Erick Ocrospoma wrote:
>
>> [root at server0 ~]# nslookup 172.25.0.100
>> Server: 172.25.0.254
>> Address: 172.25.0.254#53
>>
>> ---
>> as the above shows: not only does nslookup on the ip not
>> return the name, but it returns the IP for a different machine!
>>
>> That's the DNS server IP.
>
> ---
> I figured as much... still not what you want though...;-)
>
>> If you have 'dig', the "-x" option should do the trick.
>>
>> dig -x 172.25.0.100
>>
>> [root at server0 ~]# dig -x 172.25.0.100
>>
>> ;; QUESTION SECTION:
>> ;100.0.25.172.in-addr.arpa. IN PTR
>>
>> ;; ANSWER SECTION:
>> 100.0.25.172.in-addr.arpa. 86400 IN PTR desktop.example.com.
>
> ---
> Is that the answer you expected?
> I wasn't sure what you were trying to do, since your subject
> said you were trying to block hosts by domain, whereas your
> smb.conf file only seemed to have a "hosts allow":
>
> hosts allow = 172.25.0. .example.com
>
> ...that would only work for a user named 'susan' who has validated
> against the server. I.e. When you go to map 'data' to a drive,
> I believe you would need to 'connect using different credentials',
> and enter susan's creds in the dialog.

hosts allow entry should allow only example.com hosts, then blocking any
other hosts. That's my objective. And yes, hosts allow entry is only for
that share, and for user susan (authentication passes).

If I allow 172.25.1.x network, then that share is mountable (but have to
remove that .example.com entry). If I use hostname (example.com) rejects
any network and any host.

--
Erick.
-------------------------------------------
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567
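
Added example, not part of the thread and not Samba's own code: a simplified Python model of how the two entries in the quoted "hosts allow = 172.25.0. .example.com" line depend on the client address and on its reverse (PTR) name. The matching rules are an assumed hosts_access-style simplification (trailing dot = address prefix, leading dot = name suffix); sample_resolver and the address 172.25.1.50 are constructed for the example.

```python
import socket

# Constructed PTR data: only this record appears in the dig output in the thread.
SAMPLE_PTR = {"172.25.0.100": "desktop.example.com."}

def sample_resolver(ip):
    """Offline stand-in for socket.gethostbyaddr (hypothetical helper)."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return (SAMPLE_PTR[ip], [], [ip])

def reverse_name(ip, resolver=socket.gethostbyaddr):
    """Return the PTR name for ip, lower-cased without the root dot, or None."""
    try:
        return resolver(ip)[0].rstrip(".").lower()
    except OSError:  # socket.herror / socket.gaierror: no usable PTR record
        return None

def token_matches(token, ip, name):
    """Assumed hosts_access-style rules, simplified for illustration."""
    token = token.lower()
    if token.endswith("."):      # "172.25.0."    -> address prefix
        return ip.startswith(token)
    if token.startswith("."):    # ".example.com" -> name suffix, needs a PTR name
        return name is not None and name.endswith(token)
    return token in (ip, name)   # exact address or exact host name

def explain(ip, hosts_allow, resolver=socket.gethostbyaddr):
    """Report which entries of a hosts allow value admit the client address."""
    name = reverse_name(ip, resolver)
    tokens = hosts_allow.replace(",", " ").split()
    matched = [t for t in tokens if token_matches(t, ip, name)]
    return {"ip": ip, "ptr": name, "matched": matched, "allowed": bool(matched)}

if __name__ == "__main__":
    for ip in ("172.25.0.100", "172.25.1.50"):   # second address is constructed
        print(explain(ip, "172.25.0. .example.com", sample_resolver))
```

Run on the Samba server with the default resolver (omit the third argument to explain) to see which name, if any, that host obtains for a given client address.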