[Samba] interfaces parameter use needs clarification
John H Terpstra
jht at samba.org
Fri Jan 31 19:17:35 GMT 2003
Chris,
>From ~samba/source/lib/interface.c:
/****************************************************************************
interpret a single element from a interfaces= config line
This handles the following different forms:
1) wildcard interface name
2) DNS name
3) IP/masklen
4) ip/mask
5) bcast/mask
****************************************************************************/
And from ~samba/source/lib/access.c:
/* return true if access should be allowed */
static BOOL allow_access_internal(const char **deny_list,const char
**allow_list,
const char *cname, const char *caddr)
{
const char *client[2];
client[0] = cname;
client[1] = caddr;
/* if it is loopback then always allow unless specifically denied
*/
if (strcmp(caddr, "127.0.0.1") == 0) {
/*
* If 127.0.0.1 matches both allow and deny then allow.
* Patch from Steve Langasek vorlon at netexpress.net.
*/
if (deny_list &&
list_match(deny_list,(const char
*)client,client_match) &&
(!allow_list ||
!list_match(allow_list,(const char
*)client, client_match))) {
return False;
}
return True;
}
Some time ago we explicitly added support for the loopback interface
because we were seeing so many users mess this up.
Cheers,
John T.
On Fri, 31 Jan 2003, Chris Smith wrote:
> In the thread titled:
>
> Re: [Samba] Mandrake 9.0: rpcclient problem exporting printers to samba
> for windows
>
> There exists some advice whcih brings confusion:
>
> > > interfaces = 10.0.0.2/24
> >
> > I think this could be a problem, you should list the loopback address in
> > your interfaces list (lo or 127.0.0.1)
> >
>
> I've seen this advice before in the "Unofficial Samba HOWTO" yet it
> doesn't seem to jive with the "Offical" documentation. I wish someone in
> the know would spill the beans on the real truth.
>
> The smb.conf doc states these choices:
>
> =========================================
> The option takes a list of interface strings. Each string can be in any
> of the following forms:
>
> * a network interface name (such as eth0). This may include
> shell-like wildcards so eth* will match any interface starting
> with the substring "eth"
>
> * an IP address. In this case the netmask is determined from the
> list of interfaces obtained from the kernel
>
> * an IP/mask pair.
>
> * a broadcast/mask pair.
> =========================================
>
> And provides an example:
>
> =========================================
> interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
> =========================================
>
> As well as stating the default:
>
> =========================================
> Default: all active interfaces except 127.0.0.1 that are broadcast
> capable
> =========================================
>
> Which clearly, and seemingly purposely, leaves out the lo interface.
Which is always allowed except when explicitly NOT allowed.
>
> Furthermore in the "Unoffcial Samba HOWTO" it is stated:
>
> =========================================
> A common mistake is to set the interfaces line to the specific IP
> address of the box, when it is actually the IP subnet that your
> interface is on that you want to use. Assuming your server runs on
> 192.168.0.1 and your netmask is 255.255.255.0, your smb.conf file should
> look like:
>
> interfaces = 192.168.0.0/255.255.255.0 127.0.0.1
> =========================================
>
> However this also does not reconcile with the smb.conf manual, nor the
> examples which clearly show the use of the IP address of the interface
> itself as proper.
>
> Please can someone clear this up.
>
> Thanks.
>
> Chris
>
>
--
John H Terpstra
Email: jht at samba.org
More information about the samba
mailing list