[SATLUG] Samba problems.

Todd W. Bucy toddwbucy at grandecom.net
Wed Aug 12 12:34:59 CDT 2009


I concur, its much easier to use a host allow list, then a host deny.

see http://www.samba.org/samba/docs/server_security.html for furth info
on this topic
Todd

On Wed, 2009-08-12 at 12:27 -0500, Richard Maynard wrote:
> Samba does most restrictive permissions for it's shares, so your hosts
> deny=ALL will cause the connection to be denied. You can omit that from your
> configuration, by default if there is a hosts allow entry, any host not on
> the hosts allow is denied.
> 
> I'm not a Samba expert, but it's my understanding the main purpose of hosts
> deny is to remove hosts from an allow list that you've set, or to reject
> specific hosts from accessing the share.
> 
> --
> Richard
> 
> On Wed, Aug 12, 2009 at 12:17 PM, Enrique Sanchez <
> esanchezvela.satlug at gmail.com> wrote:
> 
> > Hey folks, I am trying to configure a samba share for our beloved SAP
> > admins (NOT!!) and I am having a little problem.
> >
> > they want a read/write share on one particular sever be available at
> > all times and accessible w/o password, so I have setup the following
> > configuration.....
> >
> >
> > [global]
> >       workgroup = XYZ
> >       security = ADS
> >       realm = XYZ.LOCAL
> >       netbios name = sambasrv
> >       map to guest = Bad User
> >       logon path = \\%L\profiles\.msprofile
> >       logon home = \\%L\%U\.9xprofile
> >       logon drive = P:
> >       usershare allow guests = No
> >       hosts deny  = ALL
> >       hosts allow = 127.0.0.1  10.20.30.155/32
> >
> > [sapmnt]
> >       security = SHARE
> >       comment = /usr/sap from SAMBA server
> >       path = /usr/sap
> >       read only = No
> >       force user = sap2adm
> >       force group = sapsys
> >       force create mode = 0660
> >       directory mask = 0775
> >       force directory  mode = 0755
> >
> >
> > however, when I try to mount the share from a different location, the
> > SAMBA server allows me to do that.
> >
> > I've switched the order back and forth of the "hosts deny" and "hosts
> > allow" directives without success...
> >
> > thank you,
> > Enrique Sanchez.
> >
> >
> > --
> > Enrique Sanchez Vela
> > ------------------------------------------
> > "What you have been obliged to discover
> > by yourself leaves a path in your mind
> > which you can use again when the need
> > arises."    --G. C. Lichtenberg
> > http://themathcircle.org/
> > --
> > _______________________________________________
> > SATLUG mailing list
> > SATLUG at satlug.org
> > http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
> > Powered by Rackspace (www.rackspace.com)
> >
> 
> 
> 
> -- 
> Richard Maynard



More information about the SATLUG mailing list