[Samba] Restrict users with their IPs

Michael Gasch gasch at eva.mpg.de
Sun Jan 15 15:53:58 GMT 2006


could you please try the following setup:

in your smb.conf add a line (newline after last command in [private] share)

include = /etc/samba/smb.conf.%U

e.g.

[private]
         comment = [ private stuff ]
         path = /srv/samba/private
         browseable = yes
         guest ok = no
         read only = yes
         valid users = @private
         write list = @private
         force group = private
         hide dot files = yes
         hide unreadable = yes
         create mask = 0660
         directory mask = 0770
         force create mode = 0660
         force directory mode = 0770
         vfs object = audit
         preexec = sh -c 'cat /etc/samba/%S.motd | ...

include = /etc/samba/smb.conf.%U

create (for each user in private group) a file called
/etc/samba/smb.conf.<firstusername> and so on

each file has to contain the following lines (e.g. 
/etc/samba/smb.conf.<firstusername>)

[share]
         hosts deny = 127.0.0.1, 192.168.0. EXCEPT 192.168.0.1

this example assumes that the pc of "firstuser" has 192.168.0.1

second user gets
         hosts deny = 127.0.0.1, 192.168.0. EXCEPT 192.168.0.2

and so on

if you have trouble, please increase debug level (5)
you should see something like "processing section [private]" twice (once 
for smb.conf and once for the included smb.conf.<firstuser>)


greez




Roman Makurin wrote:
> Hi All!
> 
> On my samba server I've got some stuff which requires authorization. I created 
> the needed users for that. These users belong to the same group - private. But 
> now I want to restrict them even more - I want to bind them to particular 
> IPs. E.g. user1 will be able to connect to the private share only from user1_IP, 
> user2 from user2_IP. How can I do this with samba?
> 
> Here is my private share configuration:
> 
> [private]
>         comment = [ private stuff ]
>         path = /srv/samba/private
>         browseable = yes
>         guest ok = no
>         read only = yes
>         valid users = @private
>         write list = @private
>         force group = private
>         hide dot files = yes
>         hide unreadable = yes
>         create mask = 0660
>         directory mask = 0770
>         force create mode = 0660
>         force directory mode = 0770
>         vfs object = audit
>         preexec = sh -c 'cat /etc/samba/%S.motd | /usr/bin/smbclient -M %m -I %I' &
> 
> Thanks
> 


-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
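
The per-user files described in the reply above can be generated from a user-to-address list. The following shell script is an added example, not part of the original post; the map file format, the function names and the default section name `private` are assumptions of this example, and the denied subnet is taken as the /24 of each address, as in the post's 192.168.0. lines.

```shell
#!/bin/sh
# Added example: generate the files read by "include = /etc/samba/smb.conf.%U".
# Map format (constructed for this example): "<username> <IPv4>" per line, '#' starts a comment.

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0..255
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_user_includes MAP OUTDIR [SHARE] -> writes OUTDIR/smb.conf.<user>; status 1 if a line was rejected
gen_user_includes() {
    map=$1 outdir=$2 share=${3:-private} rc=0
    mkdir -p "$outdir" || return 1
    while read -r user ip extra; do
        case "$user" in ''|'#'*) continue ;; esac
        # %U ends up in a file name, so accept plain account names only
        case "$user" in
            *[!A-Za-z0-9_-]*) echo "rejected user: $user" >&2; rc=1; continue ;;
        esac
        if [ -n "$extra" ] || ! valid_ipv4 "$ip"; then
            echo "rejected address for $user: $ip $extra" >&2; rc=1; continue
        fi
        subnet=${ip%.*}.    # 192.168.0.1 -> "192.168.0." (assumes a /24)
        printf '[%s]\n         hosts deny = 127.0.0.1, %s EXCEPT %s\n' \
            "$share" "$subnet" "$ip" > "$outdir/smb.conf.$user"
    done < "$map"
    return "$rc"
}

# Demo with constructed data: two accepted users and one line with a bad address.
demo_dir=$(mktemp -d)
cat > "$demo_dir/users.map" <<'EOF'
# user        workstation
firstuser     192.168.0.1
seconduser    192.168.0.2
thirduser     192.168.0.300
EOF
gen_user_includes "$demo_dir/users.map" "$demo_dir/out" private || echo "some entries were rejected" >&2
cat "$demo_dir/out/smb.conf.firstuser"
```

Review the generated files before copying them to /etc/samba, and keep them writable by root only, since smbd reads them as configuration.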

