[Samba] Block samba hosts by domain
Vinicius Bones Silva
vbs at e-trust.com.br
Thu Nov 10 12:51:33 UTC 2016
PROBABLY its a problem with your reverse dns resolution.
From the samba server, if you do a host 172.25.0.12 (change as appropriate) does it
resolve to a hostname in the .example.com domain? If it don't, samba wont know that it's
uspposed to block the access.
Em 09/11/2016 19:37, Erick Ocrospoma via samba escreveu:
> Hi everybody,
>
>
> I'm setting up a Samba under RHEL 7.0, just a simple samba server. But I'm
> having trouble with blocking access to shares, to be specific with domain
> block.
>
> I'm using default config in samba.conf, just added the share's config.
>
> While blocking by network range it works. Even when some IPs in the network
> 172.25.0.X are subdomains of example.com, they are not blocked.
>
> Name resolution is done with a DNS server, which works fine. I mean, each
> host can do name resolution to other hosts on example.com domain.
>
> Here is the samba config:
>
> [global]
> workgroup = TESTGROUP
> server string = Samba Server Version %v
> log file = /var/log/samba/log.%m
> max log size = 50
> security = user
> passdb backend = tdbsam
> load printers = yes
> cups options = raw
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> guest ok = no
> writable = no
> printable = yes
>
> [data]
> comment = DATA share
> path = /sambadir
> hosts allow = 172.25.0. .example.com
> browsable = yes
> valid users = susan
>
> [cluster]
> comment = CLUSTER share
> path = /opstack
> valid users = frankenstein
>
>
>
> Thanks in advance.
>
>
>
--
Vinicius Silva
SOC
BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva
Smiley face
www.e-trust.com.br <http://www.e-trust.com.br/>
Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou
informações contidas nesta mensagem não necessariamente refletem a posição oficial da
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.
This message may contain privileged and confidential information for the use of the
intended recipients only. If you are not an intended recipient then you should not
disseminate, copy, or take any action based on its contents. If you have received this
message in error then please notify E-TRUST by sending an e-mail message to
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not
necessarily reflect the position of E-TRUST. If this message is digitally signed, its
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at
www.e-trust.com.br.
More information about the samba
mailing list