Hello, a forwarded bug: Sometime between samba 2.2.3 and samba 3.0.2, EXCEPT clauses in hosts allow/deny stopped being recursive. The following works as expected: # allow 10.0. subnet, deny 10.0.0. subnet hosts allow = 10.0. EXCEPT 10.0.0. but this does not: # allow 10.0. subnet, deny 10.0.0. subnet, allow 10.0.0.1 host hosts allow = 10.0. EXCEPT 10.0.0. EXCEPT 10.0.0.1 The following patch appears to fix the problem: --- access.c.old Thu Jun 10 10:51:00 2004 +++ access.c Thu Jun 10 10:51:35 2004 @@ -186,8 +186,9 @@ while (*list && !strequal(*list, "EXCEPT")) list++; - for (; *list; list++) { - if ((*match_fn) (*list, item)) /* Exception Found */ + list++; + + if (list_match(list,item,match_fn) != False) { return False; } }
IMO recursive EXCEPT clauses a more confusing than just host allow = 10. 10.0.0.1 hosts deny = 10.0.0. And since there has been no other requests for this feature, I'm going to have to let this one drop. Thanks for supplying the diff though in case anyone else wants to patch their local installation.