Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: covex on December 09, 2020, 10:57:26 am

Title: Avoid samba binding to a vlan interfaces
Post by: covex on December 09, 2020, 10:57:26 am
I have Zentyal 6 and I created two VLANs in the interfaces, however samba not binds to their IPs and is trying to use them for replies to requests that came in on the primary IP. The best would be to avoid this. Is the checkbox

 External (WAN) Check this if you are using Zentyal as a gateway and this interface is connected to your Internet router.

the way to get samba not to bind to those VLAN IPs?

Thanks.
Title: Re: Avoid samba binding to a vlan interfaces
Post by: doncamilo on December 09, 2020, 12:27:27 pm
 :)

Read this https://wiki.samba.org/index.php/Configure_Samba_to_Bind_to_Specific_Interfaces and this https://doc.zentyal.org/es/appendix-c.html#stubs

Cheers!
Title: Re: Avoid samba binding to a vlan interfaces
Post by: covex on December 10, 2020, 06:54:04 pm
Thanks, I do not like to modify stubs. Here is a method that should work: there is a /etc/zentyal/samba.conf with "listen" and "listen_external" directives, so setting the VLANs as "external" and setting "listen_external=no" should work. Not sure what else this means for Zentyal behavior though... Not sure how to use "listen", as there also seems to be only "yes, no". Not sure what this is for; setting listen to no would cause most of the Zentyal functions to be useless, right?

Title: Re: Avoid samba binding to a vlan interfaces
Post by: doncamilo on December 11, 2020, 02:09:52 pm
 :)

Could be a great solution. Indeed, the samba.conf file isn't generated by templates, so you can change the parameters directly. Actually the change of the listen_external to "no" removes the external interfaces from the smb.conf "interfaces" parameter.

Defining a network interface as external applies the iptables rules configured for external networks, and this section of the firewall has a default policy of denying any connection: https://doc.zentyal.org/en/firewall.html#firewall-configuration-with-zentyal

So, you'll have to configure the needed firewall rules in order to grant permissions to the usual network traffic in your trunk interface.

Try it and tell us about it!

A great idea.
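
A check for the outcome discussed in this thread, as an added example that is not part of the original posts or of Zentyal's code: it reads the [global] "interfaces" and "bind interfaces only" parameters from an smb.conf-style file and reports whether a given interface is still covered. The sample file contents and the interface names eth0, eth0.10 and eth0.20 are constructed assumptions.

```shell
#!/bin/sh
# Added example (not Zentyal or Samba code); sample data below is constructed.

# Print the last value of a [global] parameter from an smb.conf-style file.
# Names are compared case-insensitively with whitespace ignored, as smb.conf does.
smb_global_param() {  # usage: smb_global_param FILE "parameter name"
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/   { sect = norm($0); next } # track the current section
        sect == "[global]" && (eq = index($0, "=")) {
            if (norm(substr($0, 1, eq - 1)) != norm(want)) next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        }
        END { print val }
    ' "$1"
}

# Exit 0 if FILE restricts Samba away from IFACE, 1 if IFACE may still be served.
samba_excludes_iface() (  # usage: samba_excludes_iface FILE IFACE
    set -f   # keep wildcard entries such as "eth*" from expanding as filenames
    bind_only=$(smb_global_param "$1" "bind interfaces only" | tr 'A-Z' 'a-z')
    case "$bind_only" in
        yes|true|1) ;;
        *) exit 1 ;;   # default "no": smbd is not limited to the interfaces list
    esac
    for entry in $(smb_global_param "$1" "interfaces" | tr ',' ' '); do
        # entries may be names, wildcards or address/mask pairs
        case "$2" in ${entry%%/*}) exit 1 ;; esac
    done
    exit 0
)

# Constructed sample of an smb.conf after the VLANs were left out of "interfaces".
write_sample_conf() {  # usage: write_sample_conf FILE
    cat > "$1" <<'EOF'
[global]
    workgroup = EXAMPLE
    interfaces = lo, eth0
    bind interfaces only = yes
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
for ifc in eth0 eth0.10 eth0.20; do
    if samba_excludes_iface "$conf" "$ifc"; then echo "$ifc: not in the interfaces list"
    else echo "$ifc: Samba may listen here"; fi
done
rm -f "$conf"
```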