If you use those directives there is an implicit "deny all" and only the specified hosts/network etc. will be allowed.
-- Paul Espinosa [EMAIL PROTECTED] IT Supervisor The World Company 785/312-6912 .----[ Rodrigo Haces wrote ]---- | | | Thanks, that's greate, but how do i say tu deny all?? | hosts deny = ALL | ?? | or how? | Thanks! | Rodrigo | | > -----Mensaje original----- | > De: [EMAIL PROTECTED] | > [mailto:[EMAIL PROTECTED] | > nombre de Paul Espinosa | > Enviado el: Miercoles, 16 de Junio de 2004 11:17 a.m. | > Para: [EMAIL PROTECTED] | > Asunto: Re: [Samba] Problem with SAMBA | > | > | > Instead of using /etc/hosts.allow and /etc/hosts.deny use the | > "hosts allow" | > and "interfaces" directive in the smb.conf. | > | > I use (in smb.conf [global] section): | > | > hosts allow = 192.168.1.0/24 127.0.0.1 | > | > interfaces=192.168.1.0/24 127.0.0.1/32 | > | > (Replace with your internal network values) | > | > To ensure that only my internal network has access to the samba | > service. | > | > -- | > Paul Espinosa | > [EMAIL PROTECTED] | > IT Supervisor | > The World Company | > 785/312-6912 | > | > | > ..----[ Rodrigo Haces wrote ]---- | > | | > | | > | Hi, i have a debian box connected to internet by ADSL, in that box i | > | share internet to all my local network, i also have to share 3 | > | directories with samba with full read/write permissions. | > | | > | my hosts.deny is ALL:ALL and my hosts.allow is ALL:127. AND | > | ALL:192.168.0. so that i only accept connections from inside my | > | local network. | > | | > | Here is the problem, i cannot ask for a password to let them | > write in my | > | directories because im using them as a database location so that my | > | CRM application connects there, but with this, intruders from | > | outside my network can write virus programs (And are actually doing | > | it, writing a Xi.exe program). So, how can i prevent this? here is | > | my smb.conf: | > | | > | [global] | > | log file = /var/log/samba/log.%m | > | passwd chat = *Enter\snew\sUNIX\spassword:* %n\n | > | *Retype\snew\sUNIX\spassword:* %n\n | > | socket options = TCP_NODELAY | > | obey pam restrictions = yes | > | null passwords = yes | > | encrypt passwords = true | > | passdb backend = tdbsam guest | > | passwd program = /usr/bin/passwd %u | > | dns proxy = no | > | netbios name = Servidor | > | server string = %h server (Samba %v) | > | invalid users = root | > | workgroup = infosys | > | debug level = 0 | > | os level = 20 | > | syslog = 0 | > | security = share | > | panic action = /usr/share/samba/panic-action %d | > | max log size = 1000 | > | | > | [bitacora] | > | writeable = yes | > | public = yes | > | path = /files/bitacora | > | | > | | > | [comun] | > | writeable = yes | > | public = yes | > | path = /files/comun | > | | > | [admivi] | > | writeable = yes | > | public = yes | > | path = /files/admivi | > | | > | Thank in advanced | > | Rodrigo | > | | > -- | > To unsubscribe from this list go to the following URL and read the | > instructions: http://lists.samba.org/mailman/listinfo/samba | -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba