[Samba] Block samba hosts by domain
Erick Ocrospoma
zipper1790 at gmail.com
Fri Nov 11 06:42:49 UTC 2016
On 10 November 2016 at 16:14, L A Walsh <samba at tlinx.org> wrote:
> Erick Ocrospoma wrote:
>
>>
>>
>> [root at server0 ~]# nslookup 172.25.0.100
>> Server: 172.25.0.254
>> Address: 172.25.0.254#53
>>
>> ---
>> as the above shows: not only does nslookup on the ip not
>> return the name, but it returns the IP for a different machine!
>>
>>
>> That's the DNS server IP.
>>
> ---
> I figured as much... still not what you want though...;-)
>
>>
>>
>>
>> If you have 'dig', the "-x" option should do the trick.
>>
>> dig -x 172.25.0.100
>>
>>
>>
>> [root at server
>> 0
>> ~]# dig -x 172.25.0.10
>> 0
>>
>> ;; QUESTION SECTION:
>> ;
>>
>> 10
>> 0
>> .0.25.172.in-addr.arpa. IN PTR
>>
>> ;; ANSWER SECTION:
>> 10
>> 0
>> .0.25.172.in-addr.arpa. 86400 IN PTR desktop.example.com <
>> http://desktop.example.com>.
>>
> ---
> Is that the answer you expected?
> I wasn't sure what you were trying to do, since your subject
> said you were trying to block hosts by domain, whereas your
> smb.conf file only seemed to have a "hosts allow":
>
> hosts allow = 172.25.0. .example.com
>
> ...that would only work for a user named 'susan' who has validated
> against the the server. I.e. When you go to map 'data' to a drive,
> I believe you would need to 'connect using different credentials',
> and enter susan's creds in the dialog.
>
>
>
hosts allow entry should allow only example.com hosts, then blocking any
other hosts. That's my objective.
And yes, hosts allow entry is only for that share, and for user susan
(authentication passes).
If I allow 172.25.1.x network, then that share is mountable (but have to
remove that .example.com entry).
If I use hostname (example.com) rejects any network and any host.
--
Erick.
-------------------------------------------
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567
More information about the samba
mailing list