[Samba] "hosts allow" address resolution

Christian R Molls CMolls at gmx.net
Mon Aug 18 19:28:38 GMT 2003

Hi everybody,

apart from the clients in our Samba [1] server's subnet, we would like
to allow access from some selected outside machines as well. Those
people enter our network via VPN and are associated IPs that look like
the ones below:

         vpn-82-51.test.de       -->
         vpn-84-13.test.de       -->

Those users receive a new IP address every time they make a new VPN
connection; so the addresses are dynamic.

As not each and every of our VPN users is to be allowed onto our
server, I thought about setting up some kind of dyndns client on the
outside machines that associates the dynamic VPN IP address with a
dyndns hostname, like that:

         vpn-82-51.test.de       -->
         someaccount.dyndns.org  -->

I then modified smb.conf (173.237.79. is our subnet):

         hosts allow = 173.237.79. someaccount.dyndns.org

But alas, it does not work: I receive "connection denied" when I try to
connect to the server from the outside client machine. However, if I
modify the line above for testing purposes, like

         hosts allow = 173.237.79. vpn-82-51.test.de
         hosts allow = 173.237.79.

it works as expected and I am allowed to access the shares. Why does the
dyndns adress not work whilst the vpn-82-51.test.de address does, when
both resolve to the same numerical IP address? Any other ideas how to
solve the task?

Best regards from Cologne, Germany,

[1] Version 2.2.8a-0.9woody1 for Debian
christian molls
student of laws
univ of cologne

More information about the samba mailing list