On Mon, 2003-10-13 at 17:20, John Beimler wrote:
> I have a file server that sits between the corporate network, and my
> lab. I want the lab side to be very permissive, but only limited access
> to the files from the public network.
>
> I've read up on Samba, and can't quite figure out how to run two
> different samba servers on two different interfaces, both with very
> different configurations.
>
> I know about the "interfaces", "bind interfaces only" options but I was
> wondering if a single samba configuration could serve up the two
> different configurations.
>
> Any tips, or suggestions - even on how to run two smbd's would be
> appreciated.
>
>
> Peace.
>
> john

The interfaces command is really an all or nothing kind of thing. Most admins set up differing access by username authentication rather than by machine IP.

You can use the "hosts allow" (or "allow hosts") command inside various shares to limit the access to only the machines inside your lab.

Note that you can use the client machine's IP for some interesting things. Samba even has a variable that expands to it:

    %I    The IP address of the client machine.

You can use this and the "config file" parameter in Samba to specify a different Samba config file for each machine based on its IP. If the IP-based config file does not exist, then it falls back to using the default.

So you could create two configurations, one that is restricted and one that is wide-open... then set up links named after the local machine IP addresses that point to the wide-open configuration.

See the man page for smb.conf for more details.

I haven't tried to run two versions of Samba on the same machine, but I think that will not work, as NMBD will always bind to 0.0.0.0 even when the interfaces command is used. Here is a section from one of the Samba Docs:

    For name service it causes nmbd to bind to ports 137 and 138 on the
    interfaces listed in the interfaces parameter. nmbd also binds to the
    "all addresses" interface (0.0.0.0) on ports 137 and 138 for the
    purposes of reading broadcast messages. If this option is not set then
    nmbd will service name requests on all of these sockets. If "bind
    interfaces only" is set then nmbd will check the source address of any
    packets coming in on the broadcast sockets and discard any that don’t
    match the broadcast addresses of the interfaces in the interfaces
    parameter list.

If you read the man page for smb.conf you'll find a lot of interesting things. With some creativity you can get what you want!

Good Luck.

Jon Carnes
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
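
The two-configuration layout described in the reply above, as an added example that is not part of the original thread: a restricted default smb.conf that redirects through "config file" and %I, a wide-open lab config, and one link per lab client IP. The share names, paths, the 192.168.10.x addresses and the helper function names are assumptions made for illustration; the script writes into a scratch directory rather than the live Samba configuration.

```shell
#!/bin/sh
# Added example: builds the two-config layout in a scratch directory.
# Share names, paths and the 192.168.10.x lab addresses are constructed.

# make_lab_configs DIR IP... : write both configs and link one per lab client IP.
make_lab_configs() {
    dir=$1; shift
    # Default config: what every client gets unless a per-IP file exists.
    cat > "$dir/smb.conf" <<EOF
[global]
    # %I expands to the client IP; a missing file is skipped, so
    # everything below stays in effect for unlisted clients.
    config file = $dir/smb.conf.%I

[public]
    path = /srv/files/public
    read only = yes
EOF
    # Wide-open config, reached only through the per-IP links.
    cat > "$dir/smb.conf.lab" <<EOF
[global]
    # Second check: refuse non-lab hosts even if a link is misnamed.
    hosts allow = 192.168.10. 127.

[labdata]
    path = /srv/files
    read only = no
    guest ok = yes
EOF
    for ip in "$@"; do
        ln -sf smb.conf.lab "$dir/smb.conf.$ip"
    done
}

# config_for_client DIR IP : print the file the fallback rule selects.
config_for_client() {
    if [ -e "$1/smb.conf.$2" ]; then
        echo "$1/smb.conf.$2"
    else
        echo "$1/smb.conf"
    fi
}

demo=$(mktemp -d)
make_lab_configs "$demo" 192.168.10.21 192.168.10.22
config_for_client "$demo" 192.168.10.21   # per-IP link to smb.conf.lab
config_for_client "$demo" 10.1.2.3        # default, restricted config
```

Running `testparm -s` against each generated file before installing it will catch syntax errors in either configuration.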
