Is this possible? (Followup)

Faber Fedor faberfedor at yahoo.com
Wed Jan 3 17:21:48 GMT 2001


Their FAQ states that their "product" will not work with a glibc based Linux
and it specifically says it will not work with any Red Hat higher than 4.2.

I'm going to try ipchains, though. Thanks for the pointer.

--- "A.J. Leitell" <lordacid at ispchannel.com> wrote:
> Use IpFilter and set up your rules so that the networks cannot access each
> other... read about it at:
> 
> http://coombs.anu.edu.au/~avalon/ip-filter.html
> 
> ----- Original Message -----
> From: "Mike Fedyk" <mfedyk at matchmail.com>
> To: <faber at linuxnj.com>
> Cc: <samba at lists.samba.org>
> Sent: Friday, December 22, 2000 9:09 PM
> Subject: Re: Is this possible?
> 
> 
> > Faber Fedor wrote:
> > >
> > > I've got an interesting little set-up that I can't figure out.  I'm
> hoping
> > > someone here knows what I need to do.  Basically, I need to be able to
> restrict
> > > home directories by interfaces.  Here are the details:
> > >
> > > My samba box NFS mounts /export/home from a Sun box onto /home. My samba
> box
> > > has multiple interfaces (virtual LANS, but we can think of them as
> separate
> > > NICs (at least I do!)).  Let's say I've got two vlans, 192.168.1.0/24
> and
> > > 192.168.2.0/24.
> > >
> > > If I set up the /home shares as separate shares, I can restrict access
> based on
> > > interfaces.  The problem with this is that the people on the .1 network
> can see
> > > (but not access) the shares on the .2 network.
> > >
> > > If I set up the /home shares as [homes], the user will see only their
> share.
> > > But this has the following problem: A user from network .2 can logon to
> the .1
> > > network and see his share.  This is not a Good Thing since the neworks
> are
> > > owned by two different companies.
> > >
> > > So, in a nutshell, I need to one samba server to have shares that are
> invisible
> > > on one network but browseable on another *and* to restrict access of
> [homes]
> > > directory by network.
> > >
> > > Any ideas?  Any one?  Any one?  Bueller?
> > >
> > > =====
> > > Sincerely,
> > >
> > > Faber Fedor
> > >
> > Look into the "include" directive with a couple variables.  I'd have
> different
> > [homes] based on primary group if possible.
> >
> > I've played around with it a little while, and you can do some really nice
> > things with it.  Although I'm not sure where the %g and %G are defined
> during
> > login.
> >
> > HTH
> >
> > Mike
> >
> >
> 
> 


=====
Sincerely,

Faber Fedor
LinuxNJ.com - Linux and Open Source solutions for New Jersey

http://www.linuxnj.com

__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/




More information about the samba mailing list