Restrict samba share access to certain IPs / hosts

Samba provides an easy (well.. almost) way of sharing files and folders between Linux and Windows. In certain situations, it may be required that a certain system allows both write and read permissions to some folders. Now imagine a situation where the systems are in a large subnet: an unrestricted write access gives anyone on the subnet free access to your data (maybe sensitive too). Can something be done so that only certain IPs / hosts in the subnet  get access to your system?

Well, it turns out, Samba developers have given it a good thought.  First of all, edit /etc/hosts and add aliases in the following format:

IP                                alias_name

Say you added 3 aliases for 3 different hosts (alias1, alias2, alias3). This step ensures you dont have to remember the actual IP of the hosts, and those can be referred to by their alias names. Now, edit /etc/samba/smb.conf, and add the following to the [global] section:

  • hostname lookups = yes
  • hosts allow = alias1 alias2 alias3

And its done.. Restart samba server for the changes to take effect:

  • sudo systemctl restart smb.service
  • sudo systemctl nmb.service

Now only the aliased IPs will get access to your samba share, while the rest of the subnet will be blocked out!

3 thoughts on “Restrict samba share access to certain IPs / hosts

  1. Pingback: Set up samba share on Fedora 18 « Pratyush's Weblog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s