[Samba] Block samba hosts by domain

Vinicius Bones Silva vbs at e-trust.com.br
Thu Nov 10 12:51:33 UTC 2016


PROBABLY its a problem with your reverse dns resolution.

 From the samba server, if you do a host 172.25.0.12 (change as appropriate) does it 
resolve to a hostname in the .example.com domain? If it don't, samba wont know that it's 
uspposed to block the access.

Em 09/11/2016 19:37, Erick Ocrospoma via samba escreveu:
> Hi everybody,
>
>
> I'm setting up a Samba under RHEL 7.0, just a simple samba server. But I'm
> having trouble with blocking access to shares, to be specific with domain
> block.
>
> I'm using default config in samba.conf, just added the share's config.
>
> While blocking by network range it works. Even when some IPs in the network
> 172.25.0.X are subdomains of example.com, they are not blocked.
>
> Name resolution is done with a DNS server, which works fine. I mean, each
> host can do name resolution to other hosts on example.com domain.
>
> Here is the samba config:
>
>          [global]
>                  workgroup = TESTGROUP
>                  server string = Samba Server Version %v
>                  log file = /var/log/samba/log.%m
>                  max log size = 50
>                  security = user
>                  passdb backend = tdbsam
>                  load printers = yes
>                  cups options = raw
>
>          [homes]
>                  comment = Home Directories
>                  browseable = no
>                  writable = yes
>
>          [printers]
>                  comment = All Printers
>                  path = /var/spool/samba
>                  browseable = no
>                  guest ok = no
>                  writable = no
>                  printable = yes
>
>          [data]
>                  comment = DATA share
>                  path = /sambadir
>                  hosts allow = 172.25.0. .example.com
>                  browsable = yes
>                  valid users = susan
>
>          [cluster]
>                  comment = CLUSTER share
>                  path = /opstack
>                  valid users = frankenstein
>
>
>
> ​Thanks in advance.
>
>>

-- 

	
Vinicius Silva
SOC


BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva

	







	Smiley face

www.e-trust.com.br <http://www.e-trust.com.br/>


Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta 
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com 
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a 
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou 
informações contidas nesta mensagem não necessariamente refletem a posição oficial da 
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada 
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.

This message may contain privileged and confidential information for the use of the 
intended recipients only. If you are not an intended recipient then you should not 
disseminate, copy, or take any action based on its contents. If you have received this 
message in error then please notify E-TRUST by sending an e-mail message to 
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not 
necessarily reflect the position of E-TRUST. If this message is digitally signed, its 
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at 
www.e-trust.com.br.



More information about the samba mailing list