[Samba] hosts allow / hosts deny (CIDRs?)

Rowland Penny rpenny at samba.org
Wed Oct 18 08:47:39 UTC 2017 

On Tue, 17 Oct 2017 21:10:00 -0700
"Ronald F. Guilmette via samba" <samba at lists.samba.org> wrote:

> 
> In message <ca330312-5343-b7e5-328a-d2b554330081 at thelounge.net>, 
> Reindl Harald <h.reindl at thelounge.net> wrote:
> 
> >Am 17.10.2017 um 04:24 schrieb Ronald F. Guilmette via samba:
> >> Just a trivial question...
> >> 
> >> Do the hosts allow and hosts deny clauses (i.e. within smb.conf)
> >> support the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ?
> >> 
> >> The specific documentation page I was looking at, i.e.:
> >> 
> >>     https://www.samba.org/samba/docs/using_samba/ch06.html
> >> 
> >> was rather entirely ambiguous on this one small point.  When
> >> describing the interfaces clause, it says explicitly that CIDRs
> >> are allowed.  But when it comes to hosts allow and hosts deny, the
> >> same page is silent about CIDR notation.
> >> 
> >> So, you know, I have to ask
> >
> >yes they do and you could have easily tried it out
> 
> Well, actually, I *did* try it out.  And it did *seem*  to work, but
> what do I know?  I also tried, but was unable to find where exactly
> the smbd/nmdb log records are being sent to, by default, on my
> FreeBSD system, and thus, I was unable to check properly to see if my
> addition of a line in my smb.conf file like "hosts allow = <<CIDR>>"
> did or did not cause a parse error, i.e. when I restarted the daemon.
> 
> So, for all I can tell, perhaps I glitched the "hosts allow" directive
> and perhaps smbd/nmdb are now allowing *all* hosts to access my stuff.
> I was not able to tell if this might be happening, and that's why I
> asked the question.
> 
> And anyway, isn't it a Good Thing that I asked?  I mean doesn't
> somebody maybe want to fix the documentation page that I gave a link
> to, so that it will henceforth be clear in noting (which it currently
> fails to do) that CIDRs are allowed in hosts allow/deny directives?
> 
> 
> Regards,
> rfg
> 

It is always a good thing to ask questions, but in this case, you asked
the wrong question ;-)

You should have asked 'am I reading the right documentation', and I am
sorry to say, you were not. Some of the document you referred to is
still valid, but a lot isn't. The first point of call for Samba
documentation is the Samba wiki and the various manpages that Samba
supplies.
The document, that you referred to, will not be updated, it is just
supplied for historic reasons.

Rowland

More information about the samba mailing list