[SPAMPROB:50%] RE: [Samba] Problem with SAMBA

Paul Espinosa pespinosa at sunflowerbroadband.com
Wed Jun 16 17:55:40 GMT 2004 

If you use those directives there is an implicit "deny all" and only the
specified hosts/network etc. will be allowed.

-- 
Paul Espinosa
pespinosa at sunflowerbroadband.com
IT Supervisor
The World Company
785/312-6912


.----[ Rodrigo Haces wrote ]----
|  
|  
|  Thanks, that's greate, but how do i say tu deny all??
|  hosts deny = ALL
|  ??
|  or how?
|  Thanks!
|  Rodrigo
|  
|  > -----Mensaje original-----
|  > De: samba-bounces+rhaces_chistes=yahoo.com.mx at lists.samba.org
|  > [mailto:samba-bounces+rhaces_chistes=yahoo.com.mx at lists.samba.org]En
|  > nombre de Paul Espinosa
|  > Enviado el: Miercoles, 16 de Junio de 2004 11:17 a.m.
|  > Para: samba at lists.samba.org
|  > Asunto: Re: [Samba] Problem with SAMBA
|  >
|  >
|  > Instead of using /etc/hosts.allow and /etc/hosts.deny use the
|  > "hosts allow"
|  > and "interfaces" directive in the smb.conf.
|  >
|  > I use (in smb.conf [global] section):
|  >
|  >    hosts allow = 192.168.1.0/24 127.0.0.1
|  >
|  >    interfaces=192.168.1.0/24 127.0.0.1/32
|  >
|  >    (Replace with your internal network values)
|  >
|  > To ensure that only my internal network has access to the samba
|  > service.
|  >
|  > --
|  > Paul Espinosa
|  > pespinosa at sunflowerbroadband.com
|  > IT Supervisor
|  > The World Company
|  > 785/312-6912
|  >
|  >
|  > ..----[ Rodrigo Haces wrote ]----
|  > |
|  > |
|  > |  Hi, i have a debian box connected to internet by ADSL, in that box i
|  > |  share internet to all my local network, i also have to share 3
|  > |  directories with samba with full read/write permissions.
|  > |
|  > |  my hosts.deny is ALL:ALL and my hosts.allow is ALL:127. AND
|  > |  ALL:192.168.0. so that i only accept connections from inside my
|  > |  local network.
|  > |
|  > |  Here is the problem, i cannot ask for a password to let them
|  > write in my
|  > |  directories because im using them as a database location so that my
|  > |  CRM application connects there, but with this, intruders from
|  > |  outside my network can write virus programs (And are actually doing
|  > |  it, writing a Xi.exe program). So, how can i prevent this? here is
|  > |  my smb.conf:
|  > |
|  > |  [global]
|  > |          log file = /var/log/samba/log.%m
|  > |          passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
|  > |  *Retype\snew\sUNIX\spassword:* %n\n
|  > |          socket options = TCP_NODELAY
|  > |          obey pam restrictions = yes
|  > |          null passwords = yes
|  > |          encrypt passwords = true
|  > |          passdb backend = tdbsam guest
|  > |          passwd program = /usr/bin/passwd %u
|  > |          dns proxy = no
|  > |          netbios name = Servidor
|  > |          server string = %h server (Samba %v)
|  > |          invalid users = root
|  > |          workgroup = infosys
|  > |          debug level = 0
|  > |          os level = 20
|  > |          syslog = 0
|  > |          security = share
|  > |          panic action = /usr/share/samba/panic-action %d
|  > |          max log size = 1000
|  > |
|  > |  [bitacora]
|  > |         writeable = yes
|  > |         public = yes
|  > |         path = /files/bitacora
|  > |
|  > |
|  > |  [comun]
|  > |         writeable = yes
|  > |         public = yes
|  > |         path = /files/comun
|  > |
|  > |  [admivi]
|  > |          writeable = yes
|  > |          public = yes
|  > |          path = /files/admivi
|  > |
|  > |  Thank in advanced
|  > |  Rodrigo
|  > |
|  > --
|  > To unsubscribe from this list go to the following URL and read the
|  > instructions:  http://lists.samba.org/mailman/listinfo/samba
|

More information about the samba mailing list