hosts allow/deny question

Neil Hoggarth neil.hoggarth at
Fri Aug 25 12:21:27 GMT 2000

On Thu, 24 Aug 2000 dqpr10 at wrote:

> I would like to do something like this at Samba level:
> 	hosts allow = subnet1/mask1 subnet2/mask2 etc
> 	hosts deny = *
> But this doesn't seem to work (machine that are not in subnet1 and
> not in subnet2 still have access)
> I think the * is not understood by Samba, I tried ALL, this didn't
> work either. I'm gonna check the samba source code but if I could
> get an expert answer that'd be nice =)

I don't think that you need the "hosts deny" line - Samba starts off
willing to talk to any host, but once you have specified a "hosts allow"
list then anything not specifically permitted is forbidden. Remove the
"hosts deny" line, restart Samba and retest. If it doesn't do what you
expect then there is something wrong with your "hosts allow" line.

Neil Hoggarth                                 Departmental Computer Officer
<neil.hoggarth at>                   Laboratory of Physiology                  University of Oxford, UK

More information about the samba mailing list