Samba, WINS and host deny

[Haden]

I have Samba server and several host have no access to it (host deny=....), which is as intended, but the problem is
these host cannot use WINS server, which I would like them to be able to use.

How can I deny host access by IP (not only with password/username) but allow them to use Samba as their WINS server.
(now if I remove them from "host deny" they can use WINS without probs)

 

[Nothinman]

Best bet is probably to use ipchains to allow/disallow access to the ports even before the apps sees the connection, I don't think you can do what you want with just samba.

 

[Haden]

Thanks,
I'll try disallow port 139 for them (it seems WINS is using only 137?).

 

[Haden]

Bump,

No luck with Ipchains... I tried banning variuos ports, but
either it does nothing (one can explore workgroup and enter server
with passw) or makes mess with WINS (one can't even enter workgroup to see systems available).

I thought 139 is for data only, but doing:
ipchains -A input -p tcp -s 0.0.0.0/0 -d 127.0.0.1 139 -j DENY
disallows browsing whole workgroup...
(I also tried 137/138/139 tcp/udp combinations)

Any ideas how to solve this problem?

 

[Nothinman]

I think you're only option is to put WINS on a different box.