[Samba] Block samba hosts by domain
zipper1790 at gmail.com
Thu Nov 10 20:11:26 UTC 2016
On 10 November 2016 at 07:51, Vinicius Bones Silva via samba <
samba at lists.samba.org> wrote:
> PROBABLY its a problem with your reverse dns resolution.
> From the samba server, if you do a host 172.25.0.12 (change as
> appropriate) does it resolve to a hostname in the .example.com domain? If
> it don't, samba wont know that it's uspposed to block the access.
DNS resolution seems to work fine.
[root at server0 ~]# nslookup desktop.example.com
[root at server0 ~]# nslookup 172.25.0.100
188.8.131.52.in-addr.arpa name = desktop.example.com.
Error showed in /var/log/messages while trying to mount share
Nov 10 15:05:34 server0 smbd: STATUS=daemon 'smbd' finished starting
up and ready to serve connectionsDenied connection from 172.25.0.100 (172.
Nov 10 15:06:04 server0 smbd: STATUS=daemon 'smbd' finished starting
up and ready to serve connectionsDenied connection from 172.25.0.100
I also tried by editting /etc/hosts, but same result.
> Em 09/11/2016 19:37, Erick Ocrospoma via samba escreveu:
>> Hi everybody,
>> I'm setting up a Samba under RHEL 7.0, just a simple samba server. But I'm
>> having trouble with blocking access to shares, to be specific with domain
>> I'm using default config in samba.conf, just added the share's config.
>> While blocking by network range it works. Even when some IPs in the
>> 172.25.0.X are subdomains of example.com, they are not blocked.
>> Name resolution is done with a DNS server, which works fine. I mean, each
>> host can do name resolution to other hosts on example.com domain.
>> Here is the samba config:
>> workgroup = TESTGROUP
>> server string = Samba Server Version %v
>> log file = /var/log/samba/log.%m
>> max log size = 50
>> security = user
>> passdb backend = tdbsam
>> load printers = yes
>> cups options = raw
>> comment = Home Directories
>> browseable = no
>> writable = yes
>> comment = All Printers
>> path = /var/spool/samba
>> browseable = no
>> guest ok = no
>> writable = no
>> printable = yes
>> comment = DATA share
>> path = /sambadir
>> hosts allow = 172.25.0. .example.com
>> browsable = yes
>> valid users = susan
>> comment = CLUSTER share
>> path = /opstack
>> valid users = frankenstein
>> Thanks in advance.
> Vinicius Silva
> BRA: + 55 51 2117.1000 | 55 11 5521.2021
> USA: + 1 888 259.5801
> vbs at e-trust.com.br
> skype: vinicius.bones.silva
> Smiley face
> www.e-trust.com.br <http://www.e-trust.com.br/>
> Esta mensagem pode conter informações confidenciais ou privilegiadas. Se
> você recebeu esta mensagem por engano, você não deve usar, copiar, divulgar
> ou tomar qualquer atitude com base nestas informações. Solicitamos que você
> apague a mensagem imediatamente e avise a E-TRUST, enviando um e-mail para
> suporte at e-trust.com.br. Opiniões, conclusões ou informações contidas
> nesta mensagem não necessariamente refletem a posição oficial da E-TRUST.
> Caso assinada digitalmente, a autenticidade desta mensagem pode ser
> confirmada pela Autoridade Certificadora Privada E-TRUST, disponível em
> This message may contain privileged and confidential information for the
> use of the intended recipients only. If you are not an intended recipient
> then you should not disseminate, copy, or take any action based on its
> contents. If you have received this message in error then please notify
> E-TRUST by sending an e-mail message to suporte at e-trust.com.br
> immediately. Views and opinions expressed in this message do not
> necessarily reflect the position of E-TRUST. If this message is digitally
> signed, its authenticity can be confirmed by E-TRUST Private Certificate
> Authority, available at www.e-trust.com.br.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567
More information about the samba