Fwd: Re: [Samba] "Hosts allow" directive is not correctly evaluated
for printer shares
Matthias Nagel
mh-nagel at web.de
Tue Jan 20 20:43:06 GMT 2009
Hello,
> What about cupsd.conf. Are there any IP restrictions there?
> Dale
yes, but they are the same as in Samba. Anyway - as fare as I know - this would not matter, because Cups only communicates to Samba on the same machine via the loopback interface and/or(?) a socket and not with the clients.
Furthermore the error message comes from "lib/access.c:check_access", which is part of Samba.
Matthias
>
>
> Matthias Nagel wrote:
> > Hello,
> >
> > the access to printer shares is denied because the client IP address is allegedly not in the "hosts allow" list, although it actually is and access to normal shares perfectly works.
> >
> > I have two samba servers (3.0.33) in two different subnets with pure Windows-XP-Clients. The first subnet is 192.168.1.0/24 and the server's ip address is 192.168.1.1. Let's call this server A for short. The second subnet is 192.168.2.0/24 and the server's ip address is 192.168.2.1. (Server B). Routing between both subnets works perfectly and server A is configured as a WINS server. Server B and all clients use this WINS server. Cross subnet browsing works, too. All hosts from both subnets are supposed to be allowed to access shares on both servers. For normal "file" shares it works.
> >
> > If a client tries to print to a printer share on the Samba server in the same subnet, access to this printer share is permitted, too. But if a client tries to print to a printer share on the Samba server of the other subnet, access is denied. Allegedly the ip address is not in the "hosts allow" directive. But why? In the example below a client from the first subnet with the ip address 192.168.1.244, tries to print to server B (192.168.2.1).
> >
> > Snippets from my smb.conf of client B:
> >
> > interfaces = 192.168.2.1 127.0.0.1
> > hosts allow = 192.168.2.0/24 192.168.4.0/24 192.168.1.0/24 127.0.0.0/8
> > bind interfaces only = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >
> > name resolve order = host wins
> > wins support = no
> > wins server = 192.168.1.1
> >
> > printcap name = cups
> > load printers = yes
> > printing = cups
> >
> > [printers]
> > comment = Alle Drucker
> > path = /var/spool/samba
> > browseable = no
> > writable = no
> > printable = yes
> >
> > [print$]
> > comment = Druckertreiber
> > path = /var/lib/samba/printers
> > browseable = yes
> >
> > These two log message appear, if the client tries to connect to the printer. Oddly, access it permitted first and then denied in the same moment:
> >
> > [2009/01/20 18:40:19, 2] lib/access.c:check_access(323)
> > Allowed connection from (192.168.1.244)
> > [2009/01/20 18:40:19, 0] lib/access.c:check_access(327)
> > Denied connection from (192.168.1.244)
> >
> > If I comment out the "allow hosts" directive, the problem stays the same. Something that is even more strange. Any ideas?
> >
> > Matthias
More information about the samba
mailing list