Task: allow only one ip address to see your share via samba



the-mk
10-12-2006, 08:55 PM
Problem:
- computer a and computer b are on the same network
- computer a has Windows XP running, computer b some kind of linux (in my case mandriva)
- network is XDSL-modem with 4 ports
- both computers can be seen from the internet
- computer b shall only provide computer a with a samba "windows" share; all the other computers on the internet are not allowed to see this share!!


             Internet
                ^
                |
                v
    XDSL-Router/Switch/Gateway
         ^              ^
         |              |
         v              v
    computer a     computer b


Is it possible with just configuring samba or do I need to do something with iptables, etc... too? Can it be done with standard mandrake firewall?

It is not possible to put them behind SOHO routers like Linksys or Netgear and port-forward the necessary ports, because some ports (i.e. http) are needed by both computers.

Advice is appreciated!

Thanks!

alpha
10-13-2006, 05:28 AM
According to the example smb.conf you can do this:



# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.0. 127.


If I'm understanding what you want to do, this should do it for you. The option is well documented in the smb.conf man page, it is quite flexible.

Bok
10-13-2006, 07:03 AM
What are the ip addresses of the two machines?

If they are private ip addresses and the router has the public ip address then it shouldn't matter anyway..

Bok

the-mk
10-14-2006, 06:03 AM
Alpha,

this "hosts allow" parameter looks good to me, I need to test that next time when I'm on this computer! :thumbs:

Bok,

those two machines do have official IP addresses! If they were behind a SOHO router I would not be concerned about security :D

Thanks! :cheers:

the-mk
10-14-2006, 11:46 AM
Found some time to test that: hosts allow is working great!
Thanks!
:cheers:

Bok
10-14-2006, 12:02 PM
Is there any reason not to have the router as the only public ip address?

It's a much safer way to have the network.

Bok

the-mk
10-14-2006, 12:11 PM
My problem is that this device comes from my ISP and I cannot configure it. :(

Bok
10-14-2006, 01:05 PM
You could put another router in between that one and your PCs..

Bok

the-mk
10-24-2006, 02:45 PM
Thanks Bok, I'll consider that...

Another SAMBA question: which of you is running a configuration where users have to authenticate before seeing a share? Could you share your entries of smb.conf and other configuration files?

current /etc/samba/smb.conf:


[global]
workgroup = Workgroup
netbios name = myserver
server string = Samba Server %v

log file = /var/log/samba/log.%m
max log size = 50

hosts allow = 127.0.0.1 , xxx.xxx.xxx.xxx , yyy.yyy.yyy.yyy , zzz.zzz.zzz.zzzz

security = user
encrypt passwords = yes
username map = /etc/samba/smbusers
guest account = nobody
map to guest = bad user

socket options = SO_KEEP_ALIVE IPTOS_LOWDELAY TCP_NODELAY
dns proxy = no

[test$]
path = /tmp
writable = yes
public = yes


That configuration is asking some workstations to authenticate when accessing \\myserver\test$, and some workstations can't access it :confused: (one is Win XP German in workgroup "Arbeitsgruppe" in WAN [xxx], one is Win XP English in workgroup "Workgroup" in LAN [yyy], one is Win XP English in a domain in WAN [zzz]; currently only the German one can access it)

Is it possible to let a user that does not exist in the operating system (/etc/passwd) access a samba share?

If not, what kind of password is used when accessing samba? There is another file /etc/samba/smbpasswd, which is currently empty on my linux box...

If I do "smbpasswd" with a user which is entered in /etc/samba/smbusers, it tells me that I can't do it, because such a user does not exist.

Current samba version used is 3.0.20 coming with mandriva linux.

Do you have ideas how to do this, or why two workstations can't access the "test$" share while one can?

Is it possible to allow only one user to access this "test$" share?

Help is appreciated! Thanks!

:cheers:
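
Added example, not part of the original thread and not Samba's own tooling: a small Python check that reads an smb.conf and flags the combination in the configuration posted above (`public = yes` together with `map to guest = bad user`, under which a login with an unknown username is mapped to the guest account) as well as shares with no `valid users` list. The address 192.0.2.10 and the user `alice` are constructed placeholders.

```python
import configparser

# Constructed samples: POSTED is modelled on the thread's smb.conf, HARDENED
# limits the share to one hypothetical user; 192.0.2.10 is a placeholder.
POSTED = """[global]
hosts allow = 127.0.0.1 , 192.0.2.10
map to guest = bad user
log file = /var/log/samba/log.%m
[test$]
path = /tmp
public = yes
"""
HARDENED = """[global]
hosts allow = 127.0.0.1 192.0.2.10
map to guest = never
[test$]
path = /tmp
guest ok = no
valid users = alice
"""

TRUE = {"yes", "true", "on", "1"}  # spellings Samba accepts for a boolean

def audit(text):
    """Return (section, finding) pairs for guest and access-control gaps."""
    # interpolation=None: Samba's %m / %v macros are not configparser syntax.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    # Samba compares parameter names without regard to case or spacing.
    conf = {s: {k.replace(" ", "").lower(): v.strip() for k, v in cp[s].items()}
            for s in cp.sections()}
    glob, findings = conf.get("global", {}), []
    if "hostsallow" not in glob:
        findings.append(("global", "no hosts allow restriction"))
    guest_map = glob.get("maptoguest", "never").lower() != "never"
    for name, share in conf.items():
        if name == "global":
            continue
        # "public" is a synonym for "guest ok".
        guest = share.get("guestok", share.get("public", "no")).lower() in TRUE
        if guest and guest_map:
            findings.append((name, "unknown usernames are admitted as guest"))
        elif guest:
            findings.append((name, "guest access enabled"))
        if "validusers" not in share:
            findings.append((name, "no valid users list"))
    return findings

if __name__ == "__main__":
    print(audit(POSTED), audit(HARDENED))
```

With the smbpasswd backend in Samba 3, the account named in `valid users` has to exist as a Unix account first and is then given a Samba password with `smbpasswd -a`.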

the-mk
11-02-2006, 01:43 PM
I found a nice link at http://www.oreilly.de/german/freebooks/samba2ger/ (content is in German) with which I could iron out all issues with the samba server :D

If you know the options of samba, it is a great tool! But it took some time until I found this great online book, which showed me these options :D

It's just a little bit sad that the examples are for samba 2.x while I use samba 3.x. :(