I have a samba server set up at work for simple things, such as printer and folder sharing. There is a "internal" subnet and VLAN and a "guest" subnet and VLAN. Samba runs on the same Debian machine which is also acting as firewall and router, using Shorewall. This machine has a virtual interface for each VLAN. (eth1.1, eth1.2, etc)
Previously I simply did not allow the guest VLAN/subnet access to Samba in the firewall config. But now the employees want the shared printers being served by Samba to be accessible on guest VLAN, so that guests can use our printers.
So I added the guest VLAN to the interfaces Samba binds to, and made a bunch of access lists for each share such as the following:
hosts deny = all
hosts allow = 10.1.1., 10.1.2., 10.1.2.3
This seems to work perfectly and allow guests to browse and connect to the printers but none of password-less shares. There is however one unintended consequence - the NetBIOS names of all my Windows PC's connected to the internal network are now visible to clients on the guest network. My guess is that Samba's WINS server is making them available on the guest network. Since they are on separate subnets/VLANs I do not believe any connections would actually be possible, but I don't want even the names to be visible.
What I want to do is ensure that the printers the Samba server provides are easily browse-able on the guest network, but I do not want NetBIOS names of all of the other PC's from the internal subnet to appear on the guest subnet. Ideally I do not want to change the behavior of WINS on the "internal" subnet at all, as that works fine. In fact, I believe some devices such as network-enabled scanners, with proprietary drivers on Windows machines depend on NetBIOS to be discovered, and I think the WINS server might be aiding in how quickly and reliably that works at the moment.
I found some configuration details for Samba's WINS here: https://www.samba.org/samba/docs/using_samba/ch07.html
However, I am afraid I will be over-complicating the relatively simple task I want to do by using some of those options. What would be the best way of going about this?
