Samba: How to restrict access to server via MAC-address?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Samba: How to restrict access to server via MAC-address?
Hi,
I know the Samba setup command
host allow [IP-address]
to restrict access to the Samba-server by IP-addresses.
I've just set up a WLAN-Access Point in my home-network and the router works in the DHCP-mode in the wireless part. That means IP-addresses of machines logged in on the wireless path do change. So I'm asking myself if there's a possibility to manage access permissions via hardware MAC-addresses, anything like
mac allow [MAC-No. of Network-Interface]
Couldn't find anything in the forums or on the internet. Someone out there with an idea?
Not that I know of. But you can restrict access via username. When samba is configured for security = user if you do not add a smb password then that user does not have access. What OS are the other PCs running?
All other PC are Windoze. I know I have a password option (though I never managed to make it work with Windows machines) but I would prefer a setup without having to type passwords. MAC address would be perfect. I'm thinking about sharing my WLAN broadband access with my neighbor and I just want to keep him out of my server without typing passwords myself every time I want to get in.
I think you can map mac address with ip-address in dhcp server and restrict access to your samba server only to your IPs...
or restrict dhcp server to stop lease some ip-addresses and use it as static addresses on boxes that must access your samba server.but I think is imposible to instruct samba to work with client's mac adress...
Michaelk and Vald offer some workarounds, but say it's impossible to work with MACs themselves. Thanks, folks. Negative answer is an answer also. Anyone else who thinks he can throw in something? Or shall I send a note to the Samba folks to add to the wishlist?
iptables -F
iptables -A INPUT -m mac --mac-source 00:01:6C:18:A5:EA -s 192.168.0.220 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:06:29:29:B3:36 -s 192.168.0.233 -j ACCEPT
iptables -A INPUT -j DROP
in smb.conf
host allow= 192.168.0.220,192.168.0.233
the servere drops every connection if the ip is not matching that MAC from the firewall rules. It seems to work for me... tell me if it works for you.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.