All my local Linux user accounts will be able to log in to my Samba server and access share. How do I restrict access to particular users or network subnet such as 192.168.2.1/24?

You can use TCP wrappers to limit subnet access via:

1. /etc/hosts.allow – This file describes the names of the hosts which are allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.
2. /etc/hosts.deny – This file describes the names of the hosts which are NOT allowed to use the local INET services, as decided by the /usr/sbin/tcpd server.

For example, allow access to smbd service inside LAN only via /etc/hosts.allow:

smbd : 192.168.2.

However, samba may or may not be built to support tcp wrappers.

hosts allow: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  hosts allow = 192.168.2. 127.0.0.1

valid users: Samba Configuration

Open your smb.conf file and add the following line to [share]

[share]
  valid users = user1 user2 @group1 @group2

read only & write only: Samba Configuration

You can also set read and write access to set of users with the read list and write list directives.

[share]
     read only = yes
     write list = user1 user2 @group1 @group2

Examples

Make [sales] share read only but allow user tom and jerry to write it:

[sales]
     comment = All Printers
     path = /nas/fs/sales
     read only = yes
     write list = tom jerry

You can also configure iptables to allow access to the Samba server.

ADVERTISEMENTS