You are not logged in.
- Topics: Active | Unanswered
#1 2009-09-13 12:12:13
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,597
- Website
samba settings for /etc/hosts.allow
I searched around, but am unwilling to add 'ALL:ALL' to my /etc/hosts.allow - can someone tell me which services I need to add to my /etc/hosts.allow for samba to work?
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#2 2009-09-13 14:33:43
- neddie_seagoon
- Member
- Registered: 2009-08-23
- Posts: 121
Re: samba settings for /etc/hosts.allow
According to the hosts.allow manpage, it matches on daemon process name, so I believe it should be 'smbd'.
Offline
#3 2009-09-13 20:13:11
- sph
- Member
- Registered: 2008-05-01
- Posts: 63
- Website
Re: samba settings for /etc/hosts.allow
If you want to restrict access, edit the [global] section of your /etc/samba/smb.conf:
[global]
...
# Override the default network interface list that Samba will use for browsing.
interfaces = eth0, 127.0.0.1
# Limit what interfaces on a machine will serve SMB requests.
bind interfaces only = yes
# List, IP range etc. of hosts that are not allowed to access Samba services.
# In case of conflict between 'hosts allow' and 'hosts deny', the 'allow' list will take precedence.
hosts deny = ALL
# List, IP range etc. of hosts that are allowed to access Samba services
hosts allow = 192.168.0. 127.
...Please also read the default /etc/samba/smb.conf and the smb.conf(5) manpage.
Last edited by sph (2009-09-13 20:18:49)
Offline
#4 2009-09-19 11:19:25
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,597
- Website
Re: samba settings for /etc/hosts.allow
@neddie_seagoon - thanks for the suggestion
@sph - I found that section on the smb.conf but I assumed that no incoming samba connections would be allowed without me first allowing it in /etc/hosts.allow but I just removed the ALL: ALL line and found that samba just works without anything in /etc/hosts.allow which confuses the hell out of me. Why is this allowed when I have ALL: ALL: DENY in my /etc/hosts.deny ?
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#5 2009-09-19 17:24:43
- Pudge
- Arch Linux f@h Team Member
- Registered: 2006-01-23
- Posts: 300
Re: samba settings for /etc/hosts.allow
@neddie_seagoon - thanks for the suggestion
@sph - I found that section on the smb.conf but I assumed that no incoming samba connections would be allowed without me first allowing it in /etc/hosts.allow but I just removed the ALL: ALL line and found that samba just works without anything in /etc/hosts.allow which confuses the hell out of me. Why is this allowed when I have ALL: ALL: DENY in my /etc/hosts.deny ?
The way I understand it, the /etc/hosts.allow, /etc/hosts,deny, and /etc/hosts files are only involved when connecting from Linux to Linux via FTP, SFTP, SSH, SSHFS, etc. Even then, TCPwrapper has to be installed and working before /etc/hosts.deny and /etc/hosts.allow have any effect. The Linux to Linux protocols use the IP address to indentify a remote computer. That's why setting up a Linux LAN with DHCP is such a pain, static addresses work much better. The /etc/hosts file's job is to associate a hostname to an IP address, because hostnames are easier for humans to remember than IP addresses. Once it looks up the hostname in the /etc/hosts file and translates that to an IP address, it is the IP address that it uses to actually make the connection.
Samba on the other hand uses the SMB protocol. To make things easier, Microsoft wanted DHCP to work with sharing files between WIndows computers. Since DHCP IP addresses are dynamic, they had to use something other than the IP address to identify a particular computer. So they came up with the SMB protocol which identifies a computer by it's NETBIOS name and not it's IP address. Some people think the NETBIOS name is not as secure as the IP address method that Linux uses. As far as I know, SMB doesn't have anything to do with the /etc/hosts.deny, /etc/hosts.allow, or /etc/hosts files. For SAMBA to work, all it needs is the workgroup name and netbiosname of the remote computer. The workgroup name is set up in the samba.conf file, the netbiosname you supply when making a connection.
HTH
Pudge
Last edited by Pudge (2009-09-19 17:29:22)
Offline
#6 2009-09-19 17:32:07
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,597
- Website
Re: samba settings for /etc/hosts.allow
Thanks for the info. I was misinformed about /etc/hosts.allow
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
#7 2009-09-19 17:39:01
- Pudge
- Arch Linux f@h Team Member
- Registered: 2006-01-23
- Posts: 300
Re: samba settings for /etc/hosts.allow
graysky;
No problem. As the infamous Red Green says, we're all in this together.
Pudge
Offline