I'm trying to limit access to a Samba share to hosts on the .example.com domain. But when I try to connect from a host on that domain I get denied.
smb.conf
[share1]
...
valid users = ralph
hosts allow = .example.com
Samba log
check_ntlm_password: authentication for user [ralph] -> [ralph] -> [ralph] succeeded
Denied connection from 10.234.56.1 (10.234.56.1)
There is a reverse DNS record in place for that IP address. That leaves me wondering if the Samba server is actually checking the reverse record to see if the host is on that domain.
If I remove the hosts allow statement the share works as expected. I have restarted the nmb service every time I restarted the smb service.
Which component is responsible for performing the PTR record lookup?
Best Answer
The DNS resolving does not seem to work. Add the first three triplets instead of a domain as the
hosts allow
:hosts allow = 10.234.56
restart samba and try again to login.
If DNS needs to be used then some additional configuration is required in Samba:
7.3.4.4 dns proxy
Also check the following:
7.3.4.5 name resolve order