Is this possible?

[A.J. Leitell]

Use IpFilter and set up your rules so that the networks cannot access each
other... read about it at:

http://coombs.anu.edu.au/~avalon/ip-filter.html

----- Original Message -----
From: "Mike Fedyk" <mfedyk at matchmail.com>
To: <faber at linuxnj.com>
Cc: <samba at lists.samba.org>
Sent: Friday, December 22, 2000 9:09 PM
Subject: Re: Is this possible?


> Faber Fedor wrote:
> >
> > I've got an interesting little set-up that I can't figure out.  I'm
hoping
> > someone here knows what I need to do.  Basically, I need to be able to
restrict
> > home directories by interfaces.  Here are the details:
> >
> > My samba box NFS mounts /export/home from a Sun box onto /home. My samba
box
> > has multiple interfaces (virtual LANS, but we can think of them as
separate
> > NICs (at least I do!)).  Let's say I've got two vlans, 192.168.1.0/24
and
> > 192.168.2.0/24.
> >
> > If I set up the /home shares as separate shares, I can restrict access
based on
> > interfaces.  The problem with this is that the people on the .1 network
can see
> > (but not access) the shares on the .2 network.
> >
> > If I set up the /home shares as [homes], the user will see only their
share.
> > But this has the following problem: A user from network .2 can logon to
the .1
> > network and see his share.  This is not a Good Thing since the neworks
are
> > owned by two different companies.
> >
> > So, in a nutshell, I need to one samba server to have shares that are
invisible
> > on one network but browseable on another *and* to restrict access of
[homes]
> > directory by network.
> >
> > Any ideas?  Any one?  Any one?  Bueller?
> >
> > =====
> > Sincerely,
> >
> > Faber Fedor
> >
> Look into the "include" directive with a couple variables.  I'd have
different
> [homes] based on primary group if possible.
>
> I've played around with it a little while, and you can do some really nice
> things with it.  Although I'm not sure where the %g and %G are defined
during
> login.
>
> HTH
>
> Mike
>
>