[Samba] Problem with SAMBA

Paul Espinosa pespinosa at sunflowerbroadband.com
Wed Jun 16 16:17:24 GMT 2004 

Instead of using /etc/hosts.allow and /etc/hosts.deny use the "hosts allow"
and "interfaces" directive in the smb.conf.

I use (in smb.conf [global] section): 

   hosts allow = 192.168.1.0/24 127.0.0.1

   interfaces=192.168.1.0/24 127.0.0.1/32

   (Replace with your internal network values)

To ensure that only my internal network has access to the samba service.

-- 
Paul Espinosa
pespinosa at sunflowerbroadband.com
IT Supervisor
The World Company
785/312-6912


.----[ Rodrigo Haces wrote ]----
|  
|  
|  Hi, i have a debian box connected to internet by ADSL, in that box i
|  share internet to all my local network, i also have to share 3
|  directories with samba with full read/write permissions.
|  
|  my hosts.deny is ALL:ALL and my hosts.allow is ALL:127. AND
|  ALL:192.168.0. so that i only accept connections from inside my local
|  network.
|  
|  Here is the problem, i cannot ask for a password to let them write in my
|  directories because im using them as a database location so that my CRM
|  application connects there, but with this, intruders from outside my
|  network can write virus programs (And are actually doing it, writing a
|  Xi.exe program). So, how can i prevent this? here is my smb.conf:
|  
|  [global]
|          log file = /var/log/samba/log.%m
|          passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
|  *Retype\snew\sUNIX\spassword:* %n\n
|          socket options = TCP_NODELAY
|          obey pam restrictions = yes
|          null passwords = yes
|          encrypt passwords = true
|          passdb backend = tdbsam guest
|          passwd program = /usr/bin/passwd %u
|          dns proxy = no
|          netbios name = Servidor
|          server string = %h server (Samba %v)
|          invalid users = root
|          workgroup = infosys
|          debug level = 0
|          os level = 20
|          syslog = 0
|          security = share
|          panic action = /usr/share/samba/panic-action %d
|          max log size = 1000
|  
|  [bitacora]
|         writeable = yes
|         public = yes
|         path = /files/bitacora
|  
|  
|  [comun]
|         writeable = yes
|         public = yes
|         path = /files/comun
|  
|  [admivi]
|          writeable = yes
|          public = yes
|          path = /files/admivi
|  
|  Thank in advanced
|  Rodrigo
|

More information about the samba mailing list