Is this possible?
A.J. Leitell
lordacid at ispchannel.com
Sat Dec 23 09:11:09 GMT 2000
Use IpFilter and set up your rules so that the networks cannot access each
other... read about it at:
http://coombs.anu.edu.au/~avalon/ip-filter.html
----- Original Message -----
From: "Mike Fedyk" <mfedyk at matchmail.com>
To: <faber at linuxnj.com>
Cc: <samba at lists.samba.org>
Sent: Friday, December 22, 2000 9:09 PM
Subject: Re: Is this possible?
> Faber Fedor wrote:
> >
> > I've got an interesting little set-up that I can't figure out. I'm
hoping
> > someone here knows what I need to do. Basically, I need to be able to
restrict
> > home directories by interfaces. Here are the details:
> >
> > My samba box NFS mounts /export/home from a Sun box onto /home. My samba
box
> > has multiple interfaces (virtual LANS, but we can think of them as
separate
> > NICs (at least I do!)). Let's say I've got two vlans, 192.168.1.0/24
and
> > 192.168.2.0/24.
> >
> > If I set up the /home shares as separate shares, I can restrict access
based on
> > interfaces. The problem with this is that the people on the .1 network
can see
> > (but not access) the shares on the .2 network.
> >
> > If I set up the /home shares as [homes], the user will see only their
share.
> > But this has the following problem: A user from network .2 can logon to
the .1
> > network and see his share. This is not a Good Thing since the neworks
are
> > owned by two different companies.
> >
> > So, in a nutshell, I need to one samba server to have shares that are
invisible
> > on one network but browseable on another *and* to restrict access of
[homes]
> > directory by network.
> >
> > Any ideas? Any one? Any one? Bueller?
> >
> > =====
> > Sincerely,
> >
> > Faber Fedor
> >
> Look into the "include" directive with a couple variables. I'd have
different
> [homes] based on primary group if possible.
>
> I've played around with it a little while, and you can do some really nice
> things with it. Although I'm not sure where the %g and %G are defined
during
> login.
>
> HTH
>
> Mike
>
>
More information about the samba
mailing list