[Samba] "Hosts allow" directive is not correctly evaluated for printer shares

Matthias Nagel mh-nagel at web.de
Tue Jan 20 18:39:25 GMT 2009


Hello,

the access to printer shares is denied because the client IP address is allegedly not in the "hosts allow" list, although it actually is and access to normal shares perfectly works.

I have two samba servers (3.0.33) in two different subnets with pure Windows-XP-Clients. The first subnet is 192.168.1.0/24 and the server's ip address is 192.168.1.1. Let's call this server A for short. The second subnet is 192.168.2.0/24 and the server's ip address is 192.168.2.1. (Server B). Routing between both subnets works perfectly and server A is configured as a WINS server. Server B and all clients use this WINS server. Cross subnet browsing works, too. All hosts from both subnets are supposed to be allowed to access shares on both servers. For normal "file" shares it works.

If a client tries to print to a printer share on the Samba server in the same subnet, access to this printer share is permitted, too. But if a client tries to print to a printer share on the Samba server of the other subnet, access is denied. Allegedly the ip address is not in the "hosts allow" directive. But why? In the example below a client from the first subnet with the ip address 192.168.1.244, tries to print to server B (192.168.2.1).

Snippets from my smb.conf of client B:

interfaces = 192.168.2.1 127.0.0.1
hosts allow = 192.168.2.0/24 192.168.4.0/24 192.168.1.0/24 127.0.0.0/8
bind interfaces only = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

name resolve order = host wins
wins support = no
wins server = 192.168.1.1

printcap name = cups
load printers = yes
printing = cups

[printers]
comment = Alle Drucker
path = /var/spool/samba
browseable = no
writable = no
printable = yes

[print$]
comment = Druckertreiber
path = /var/lib/samba/printers
browseable = yes

These two log message appear, if the client tries to connect to the printer. Oddly, access it permitted first and then denied in the same moment:

[2009/01/20 18:40:19, 2] lib/access.c:check_access(323)
   Allowed connection from  (192.168.1.244)
[2009/01/20 18:40:19, 0] lib/access.c:check_access(327)
   Denied connection from  (192.168.1.244)

If I comment out the "allow hosts" directive, the problem stays the same. Something that is even more strange. Any ideas?

Matthias

_______________________________________________________________________
Sensationsangebot verlängert: WEB.DE FreeDSL - Telefonanschluss + DSL
für nur 16,37 Euro/mtl.!* http://dsl.web.de/?ac=OM.AD.AD008K15039B7069a



More information about the samba mailing list