Jeremy Allison
2021-Feb-10 20:14 UTC
[Samba] Is it possible to set the protocol for a single client
On Wed, Feb 10, 2021 at 08:02:41PM +0000, Rowland penny wrote:>On 10/02/2021 19:46, Jeremy Allison wrote: >> >>Matching on the remote hostname (%M) is >>done at socket accept time (it's how >>we handle the "hosts allow/ hosts deny" >>parameters. >> >>This is *before* the negprot is processed, >>so if there is an include that adds >>"server minimum protocol = NT1" it >>will allow the client that matches >>to connect using SMB1, but all others >>will be restricted to SMB2+. > >OK, I can understand that, but are you saying that if there is a line >like 'include = /path/to/smb.conf.%M' in smb.conf and there is a file >called smb.conf.clientname in /path/to , then the contents of that >will be used instead of what is in the main smb.conf ?Not instead of, included at that point.>Wouldn't you have to reload the samba config ?et voila ! source3/smbd/process.c:smbd_process() 4114 /* this is needed so that we get decent entries 4115 in smbstatus for port 445 connects */ 4116 set_remote_machine_name(remaddr, false); 4117 reload_services(sconn, conn_snum_used, true); Remember, Samba is *old* and has many, many strange wrinkles that were added a long time ago :-).
Jeremy Allison
2021-Feb-10 20:16 UTC
[Samba] Is it possible to set the protocol for a single client
On Wed, Feb 10, 2021 at 12:14:06PM -0800, Jeremy Allison via samba wrote:>On Wed, Feb 10, 2021 at 08:02:41PM +0000, Rowland penny wrote: >>On 10/02/2021 19:46, Jeremy Allison wrote: >>> >>>Matching on the remote hostname (%M) is >>>done at socket accept time (it's how >>>we handle the "hosts allow/ hosts deny" >>>parameters. >>> >>>This is *before* the negprot is processed, >>>so if there is an include that adds >>>"server minimum protocol = NT1" it >>>will allow the client that matches >>>to connect using SMB1, but all others >>>will be restricted to SMB2+. >> >>OK, I can understand that, but are you saying that if there is a >>line like 'include = /path/to/smb.conf.%M' in smb.conf and there is >>a file called smb.conf.clientname in /path/to , then the contents of >>that will be used instead of what is in the main smb.conf ? > >Not instead of, included at that point. > >>Wouldn't you have to reload the samba config ? > >et voila ! > >source3/smbd/process.c:smbd_process() > >4114 /* this is needed so that we get decent entries >4115 in smbstatus for port 445 connects */ >4116 set_remote_machine_name(remaddr, false); >4117 reload_services(sconn, conn_snum_used, true); > >Remember, Samba is *old* and has many, many >strange wrinkles that were added a long time >ago :-).This "feature" was commonly used a long time ago to present different shares to different client machines depending on IP address/name.