Versions: Samba 4.1.6 on Ubuntu 14.04.03 LTS.

I want my server to serve up two Samba shares with only the client IP address as authentication. That is: the client’s IP will determine if it is allowed to access the share. (My LAN has static IP’s for all clients.)

This is what worked for me – your mileage may vary. Samba’s configuration file in Ubuntu is /etc/samba/smb.conf.

I have several users in the ‘mediausers’ group. One of them is ‘media’. Files changed through the Samba share will have ‘media’ as their owner and ‘mediausers’ as their group. Note that the user ‘media’ must be able to access the physical path. It must have at least execute rights (‘traversal rights’ in Windows terms) on all parent folders.

In ‘hosts allow’ place all IP’s that need access. Samba is fairly easy about it’s format. You could say 192.168.1.5, 192.168.1.6, 192.168.1.7 or 192.168.1.0/24 or 192.168.1.0/255.255.255.0, any would work. On a side note: ‘allow hosts’ would also work.

The [global] section must contain:

server role = standalone server
map to guest = Bad User

The shares:

[music]
  path = /var/media/music
  force user = media
  force group = mediausers
  read only = No
  hosts allow = 192.168.1.5, 192.168.1.6, 192.168.1.7

[videos]
  copy = music
  path = /var/media/videos

After changing /etc/samba/smb.conf always do

$ testparm

This will show you any error in your configuration file. Read testparm’s output very carefully. Press Enter to have testparm show you an overview of the effective configuration. Once there’s no more errors do

service smbd restart

to load the new configuration and test from your client if everything works as expected.

Samba’s logfiles are usually in /var/log/samba so check there for errors.