Topic: Access Control to Ibay Via IP address

[ronaldson40]

Hi

I have a particular situation where in I have a domain running on SME and I have set up an ibay on SME. Now other than restricting ibay access by Groups(Username), I want to restrict that ibay by ipaddress

This is basically because I want to force a user to use only a particular workstation when he wants to use the files in that ibay for security reasons.

Regards

[cactus]

This is basically because I want to force a user to use only a particular workstation when he wants to use the files in that ibay for security reasons.

I do not see how that would increase security, it surely increases complexity and maintenance issues.

If you would like to do so you should create custom templates for the httpd ibay template sections as well as the samba ibay section, on both you will have to modify (or add) the lines that restrict access based on ip-number and you would have to make sure the machine has a fixed ip-address.

[ronaldson40]

Users on my network have static IPs.

Do I have to modify the templates under the directory /etc/e-smith/etc/smb.conf for achieving this?

[cactus]

Users on my network have static IPs.

Do I have to modify the templates under the directory /etc/e-smith/etc/smb.conf for achieving this?

No the original template (which should not be modified) should be located at /etc/e-smith/templates/etc/smb.conf/. Locate the proper fragment and copy it to the same directory layout in the /etc/e-smith/templates-custom/ tree, create the necessary structure using mkdir if it does not exist. Modify the copied fragment in the templates-custom tree, this way you will not loose your changes made on upgrades of the e-smith-samba packages.

For more information on the template system see the SME Server Developers Guide linked from the wiki.