[Samba] string to long for hosts allow in smb.conf
kurt weiss
input.maillists at kwnet.at
Wed Sep 10 08:04:50 GMT 2003
h p.
why u're not using a combination between hosts allow and hosts deny
also use bind interfaces...
P. Bruggink schrieb:
> We have found that a number of users (especially notebook user with
> Win95) try to change their IP-address to get more permissions when they
> login to the network. Since we have a database with all of the systems
i cannot follow: how do they get *more* permissions on samba? are u not
using 'security=user || security=domain' ?
also, maybe there's a possibility with DHCP to prevent this?
> registered and we already automatically build our configuration files
> when something changing in this database (MySql), we tried to block the
> unregistered IP number by expanding the hosts allow option in the
> smb.conf with all the IP number in the database.
maybe i cannot follow u. but why u try to block ip's dynamically with
samba. (a.f.a.i.k. u have to restart samba to make effect hosts allow)
why u're not simply using iptables or ipchains?
i think, thats the best way...
>
> Original Entry:
>
> hosts allow = 195.193.119. localhost
>
> changed to
>
> include = /usr/local/samba/lib/include/hosts_allow119.smb
>
> (all parts of the smb.conf file created by an update in the database
> have an include line in the smb.conf file, therefor not the smb.conf is
> updated but the include files are updated)
>
> the include file for the hosts allow looks like:
>
> hosts allow = 195.193.119.1 \
> 195.193.119.10 \
> 195.193.119.11 \
> .
> .
> .
> .
> .
> .
> .
> .
> 195.193.119.201 \
> localhost
>
> Using this generated an error indicating that the string was to long. We
> have also tried to put de line hosts allow directly into the smb.conf,
> but also this generated the same error. We are not using NIS and can not
> use the netgroup option.
> We also have tried to replace the C class part of the IP number with an
> environment variable, but cannot find a variable with this value.
>
> How can we overcome this string to long error?
maybe with "hosts deny" that will be less adresses...
i hope it helpes, let me know
gk
>
>
>
More information about the samba
mailing list