[Samba] Access to a server using multiple netbios names and include files

[David Pullman]

We have a file server, solaris 2.8 running SAMBA 2.2.8, that has two 
netbios names and we have an include file for smb.conf for each.

We have some machines that are trusted and some that are not.  Trusted 
means standardized windows install, users don't have root, untrusted 
means not necessarily standard install, users do have root.  The trusted 
machines are defined in an NIS netgroup.  The untrusted machines are in 
a different NIS netgroup.

The basic hostname/netbios alias shares directories to machines that are 
trusted, but not to an untrusted group of machines.

The second name, defined as a netbios alias, shares a separate set of 
directories to the trusted and untrusted machines.

The smb.conf file has basic parms set for the network etc.  The include 
files each has a host allow line and the shares for the appropriate group.

The problem seems to be that if we only share the basic hostname/netbios 
alias shares to the trusted group, and then try to share the other 
shares to both the trusted and untrusted netgroups, the untrusted 
netgroup machines can not see any shares.  If we share everything to 
both netgroups, then every machine has access.

We're trying to give access to all shares to the trusted machines, and 
only access to some shares to the untrusted machines.  It sounded like 
the netbios aliases and the include file paradigm would provide for 
this, but it looks like in testing that only the host allow for the base 
netbios alias is honored, regardless of which netbios name is used for 
access by the client machine.

Has anyone tried to so something like this?  We're constrained a bit by 
having only one Enterprise class machine to use as a file server, and 
trying to separate access to shares from that one server.

Any thoughts would be greatly appreciated.  I can post smb.confs or 
parts of them as needed.

Thanks very much

David Pullman
MEL Systems Administration