Restrict File Share Access To Only Certain LAN IP Addresses?

Hello
I have a few folders that I would like allow only access to certain ip schema
like for example
-folder "Products" allow access only to 10.10.20.x
-folder "Customers" allow access only to 10.10.21.x

Can this be dome using Samba?

machines connecting are windows machine from different networks coming true vpn

Thank you
-Fred


Similar Content



Linux Mint Share Asks For Password In Windows 7

In Linux Mint, I have right clicked on a folder and selected
"Sharing Options" -> checked the boxes to "Allow others to create and delete files in this folder" and "Guest Access..."

When I access the shared folder on Windows 7 it asks for a password. If I type a password in, it works.

I would like to configure it to not ask for a password, but just open the share.

Network Access

Just joined LQ,I have a question on establishing full access networking with a Win7 box, I'm able to share a created "Public folder" and my devices seem to share well, but I am having to place Win7 objects in "public documents folder" to import, manage or change them, thank you for any conciderations.

Can't Access Samba Share

I have set up a SFTP which I can connect to, go to the right directory and read/write files to.

The full path is home/sftpuser/SFTP/Customer
The user "sftpuser" I am connecting with is in the group "ftpusers" which has read/write access.

That works fine.

Here is my sshd_config:
Code:
Match Group ftpusers ChrootDirectory /home/%u/
 ForceCommand internal-sftp
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

However, I made a samba share of the folder Customer, when I go to the IP adress on a Windows machine "\\10.0.0.1\" I can see the folder Customer, when entering it requests user/pass and afterwards gives an error: you have not the right permissions.

In Webmin:
Customer /home/sftpuser/SFTP/Customer Read/write to everyone

My smb.conf:
Code:
[global]
    syslog = 0
    log file = /var/log/samba/log.%m
    read raw = no
    write raw = no
    passdb backend = tdbsam
    workgroup = DOMAIN
    usershare allow guests = yes
    socket options = TCP_NODELAY
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    unix password sync = yes
    obey pam restrictions = yes
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    server role = standalone server
    server string = %h server (Samba, Ubuntu)
    max log size = 1000
    map to guest = bad user
    panic action = /usr/share/samba/panic-action %d
    dns proxy = no



[Customer]
    force create mode = 755
    browsable = yes
    public = yes
    path = /home/sftpuser/SFTP/Customer
    force directory mode = 755
    writeable = yes
    valid users = @ftpusers
    force group = ftpusers
    write list = @ftpusers

I have been struggling for 3 days and am totally out of ideas.

LS -L for the folder:
Code:
total 4
drwxrwx---+ 2 sftpuser ftpusers 4096 Apr  9 11:35 Customer

Samba-Apache-Webdav Permission Problem With User Www-data

I'm not sure if this should be in the newbie section, but I am somewhat of a newbie, so here goes:

In a home network, I have an Xubuntu file server with a Samba share that has me as the owner and authorizes me to access the share.

On another computer, I have Mint running and providing various services, including webdav on Apache with SSL. In the var/www/webdav directory of the Mint computer, I have the Xubuntu Samba share mounted. This is supposed to allow me to access the Samba share from the public internet.

Everything works fine except for one big problem: Apache requires the owner of the webdav directory to be user "www-data," and I can't figure out how to give www-data access to the Samba share, since www-data is not a user on the Xubuntu computer, and moreover I don't know the password for user www-data.

Can anyone figure out how to get around this problem? In particular, is there a way to configure the Samba share on the Xubuntu computer so that user www-data on the Mint computer can have access to it?

(Incidentally, I have my reasons for using two computers, one as a file server and one as a web server. Also, I am thinking about switching to NFS instead of Samba, but I'm not sure if even that would solve my problem.)

Trouble Configuring Vsftp

Using a Raspberry Pi w/ Debian

Read the manual and several "how-to"s and am getting nowhere

vsftp is running and making a log file. I can get to the Pi with putty or SAMBA

Ultimately want to be able to both(I) ftp in under the "pi" user to access files remotely and (II) have people sending me huge files ftp them in anonymously

Have tried (I) the ftp client in Windows 7 Internet explorer 11, (ii) the ftp client in the Windows 7 "map network drive" UI, and (iii) ES file explorer on my Android phone.

The android phone tells me there is no server there. Windows 7 gets no password challenge, gives no error indication, but does nothing useful. The vsftpd log file shows some attempt by the Windows machine, nothing for the Android.

Config file and log file attached.

The Android is trying to use port 21, the config file mentions something about port 20. Which ports do I need to forward in my router to enable remote access?

Any help appreciated.

Thanks. Jonathan

Samba Configuration Not Letting Me Access Files?

Hey guys, I got samba working and I am able to access my files, however I am now trying to learn security with it. i am pretty much trying to allow certain groups access certain files. if you look at samba group you can see that I have @sambausers group to access sambagroup directory.

I have a user called sambatest01. the user can access "samba users only" but the user can access all of the other files as well. what is a correct set up on the other smb.conf to prevent users from accessing this? I cant seem to find a proper set up


[drivers]
path = /files/drivers
browseable = yes
read only = no
guest ok = no
guest only = no


[samba users only]
path = /files/sambagroup
browseable = yes
read only = no
guest ok = no
guest only = no
write list = @sambausers
valid users = @sambausers

Sharing Folders And Mounting Shares With SetGID / Samba

OK this is kinda long, so I will shorten it as much as I can, as to not be long-winded.

My current network at home:
1 - CentOS 7 desktop (server)
1 - Ubuntu 14.04 desktop
1 - Fedora 21 laptop
2 - Windows 7 desktops
some other various windows boxes also that don't get used regularly, but are on the network.

My 2 Linux desktops (which I use as servers, but they really aren't) have shared folders on them, which I share to the network via Samba (CIFS). I use Samba because Linux is smarter than Windows and Windows won't read NFS, so I share them as Samba so all devices can see them.

Generally speaking, if I share the folders on each box as 0777, I have no issues. But lately I have been wanting to implement some better security, so I wanted to SETGID and chown the shared folders from the local machine to a specific group, then change the folders to 2774.

My problem is that I keep getting permissions errors when trying to connect from the other Linux machines, and sometimes the Windows machines also. My main question is: do I CHMOD 2774 the local mount-point before mounting it? Or so I CHMOD 2774 the shared folder on the other server, then mount it locally to a folder whose permissions are different? Or do I CHMOD both of them the same?

basically the uis and gid ownerships change on a local folder when I mount a shared drive to that folder, so when I try to write or sometimes read that local folder, I get permissions errors.

I can provide any additional info needed.

Ldap User Authentication For Samba Share

- I have samba server and ldap server both on different machine. I want to authenticate all the ldap user on samba share to giving access permission for user's on share. I have refer too many document for that but I am unable to access share with ldap user's username and password. I have referred below link

https://wiki.samba.org/index.php/Samba_&_LDAP

http://www.unixmen.com/setup-samba-d...-ubuntu-13-04/

How to troubleshoot for user authentication on samba share?

Directory

I have folder in Downloads directory to which I need to navigate I'm doing "cd Downloads" and after "cd Folder1 " but terminal says "No such file or directory" how can I access that folder?

Firewall Setup


I have an Intel x86_64 system running rhel 7.0 I want to use this system as a Firewall. The system has two NICs. one NIC is defined with the static IP address from my ISP. The other NIC is also static i.e. no dhcp, and is assigned a LAN addrs of 192.168.10.6 It is plugged into a switch (192.168.10.1) that has other three devices plugged in. Each with it's own hard-coded LAN address (Netmask is 255.255.255.0) I have two zones active in the firewall config External (using the static ip from the ISP) and Internal (using the IP addrs of 192.168.10.6) I'm forwarding the following two ports 80 & 443 in both zones. External zone: ports 80 & 443 are forwarded to my switch (192.168.10.1) Internal zone: ports 80 & 443 are forwarded to my static IP addrs from my ISP. I have IP masquerading turned on in the External zones. However none of the other workstations (Windows 7 professional) and my "smart" TV (netflix access) are able to access the internet. Again I'm NOT using any dhcp, all IP addresses are hard coded. I can ping any LAN address from any LAN node. The Linux FW machine can access the internet. I've read thru the RHEL 7.0 Security guide regarding setting up the firewall and I believe I have all the elements defined properly ... It just doesn't work. I have the same set of DNS values defined on all systems.
They are the three DNS servers assigned by my ISP. I have ipv4 forwarding active on my Linux system. I have masquerading "turned on" in the External zone. The resolv.conf file has the ip addresses of the DNS servers as well as my switch.
However the windows 7 systems and my "smart" TV cannot access the internet.
Anyone who's really familiar with rhel firewall-config GUI and has any suggestions please respond.
Thanks
Guy