[Samba] Problem with SAMBA
Paul Espinosa
pespinosa at sunflowerbroadband.com
Wed Jun 16 16:17:24 GMT 2004
Instead of using /etc/hosts.allow and /etc/hosts.deny use the "hosts allow"
and "interfaces" directive in the smb.conf.
I use (in smb.conf [global] section):
hosts allow = 192.168.1.0/24 127.0.0.1
interfaces=192.168.1.0/24 127.0.0.1/32
(Replace with your internal network values)
To ensure that only my internal network has access to the samba service.
--
Paul Espinosa
pespinosa at sunflowerbroadband.com
IT Supervisor
The World Company
785/312-6912
.----[ Rodrigo Haces wrote ]----
|
|
| Hi, i have a debian box connected to internet by ADSL, in that box i
| share internet to all my local network, i also have to share 3
| directories with samba with full read/write permissions.
|
| my hosts.deny is ALL:ALL and my hosts.allow is ALL:127. AND
| ALL:192.168.0. so that i only accept connections from inside my local
| network.
|
| Here is the problem, i cannot ask for a password to let them write in my
| directories because im using them as a database location so that my CRM
| application connects there, but with this, intruders from outside my
| network can write virus programs (And are actually doing it, writing a
| Xi.exe program). So, how can i prevent this? here is my smb.conf:
|
| [global]
| log file = /var/log/samba/log.%m
| passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
| *Retype\snew\sUNIX\spassword:* %n\n
| socket options = TCP_NODELAY
| obey pam restrictions = yes
| null passwords = yes
| encrypt passwords = true
| passdb backend = tdbsam guest
| passwd program = /usr/bin/passwd %u
| dns proxy = no
| netbios name = Servidor
| server string = %h server (Samba %v)
| invalid users = root
| workgroup = infosys
| debug level = 0
| os level = 20
| syslog = 0
| security = share
| panic action = /usr/share/samba/panic-action %d
| max log size = 1000
|
| [bitacora]
| writeable = yes
| public = yes
| path = /files/bitacora
|
|
| [comun]
| writeable = yes
| public = yes
| path = /files/comun
|
| [admivi]
| writeable = yes
| public = yes
| path = /files/admivi
|
| Thank in advanced
| Rodrigo
|
More information about the samba
mailing list