Is this possible?
Mike Fedyk
mfedyk at matchmail.com
Sat Dec 23 03:09:51 GMT 2000
Faber Fedor wrote:
>
> I've got an interesting little set-up that I can't figure out. I'm hoping
> someone here knows what I need to do. Basically, I need to be able to restrict
> home directories by interfaces. Here are the details:
>
> My samba box NFS mounts /export/home from a Sun box onto /home. My samba box
> has multiple interfaces (virtual LANS, but we can think of them as separate
> NICs (at least I do!)). Let's say I've got two vlans, 192.168.1.0/24 and
> 192.168.2.0/24.
>
> If I set up the /home shares as separate shares, I can restrict access based on
> interfaces. The problem with this is that the people on the .1 network can see
> (but not access) the shares on the .2 network.
>
> If I set up the /home shares as [homes], the user will see only their share.
> But this has the following problem: A user from network .2 can logon to the .1
> network and see his share. This is not a Good Thing since the neworks are
> owned by two different companies.
>
> So, in a nutshell, I need to one samba server to have shares that are invisible
> on one network but browseable on another *and* to restrict access of [homes]
> directory by network.
>
> Any ideas? Any one? Any one? Bueller?
>
> =====
> Sincerely,
>
> Faber Fedor
>
Look into the "include" directive with a couple variables. I'd have different
[homes] based on primary group if possible.
I've played around with it a little while, and you can do some really nice
things with it. Although I'm not sure where the %g and %G are defined during
login.
HTH
Mike
More information about the samba
mailing list