[Samba] How can I show only the shares that user have access to in SAMBA
simon ben
I have implemented samba to right now in test environment to be implemented in production as samba file server
so far its working grt
but I have one issue
i have right now one share and want only the users who have access to the share to see it
and the others should not
when I log into the user who has no access I see the share and when i double click it ask me for username and password
googling arround this issuse is solved by using the below in smb.conf file
hide dot files = yes
hide unreadable = yes
in the share definition section.
but its still visible
security is set as user
here the part of my smb.conf
------------------
[kmplan]
writeable = yes
path = /opt/network/testplan
write list = @localgrp
revalidate = yes
hide unreadable = yes
hide dot files = yes
comment = masterplan testing directory
valid users = @localgrp
-----------------
is there anything i need to set in smb.conf
appreciate your help and advice
regards
simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Björn JACKE
> and the others should not
>
> when I log into the user who has no access I see the share and when i double click it ask me for username and password
>
> googling arround this issuse is solved by using the below in smb.conf file
> hide dot files = yes
> hide unreadable = yes
> in the share definition section.
>
> but its still visible
access based share enum = yes
?
Cheers
Björn
Christian Rost
as far as I know, you can't hide shares with user specific settings. It is not implemented wether in Windows nor in Samba. The only way is to hide the share for all users by adding the "$" at the end of the share name - like [kmplan$].
To limit access to the share you need to set share and corresponding filesystem permissions.
Cheers,
Christian
simon ben <guy2...@yahoo.com> schrieb:
--
Dipl.-Ing. Christian Rost
roCon - Informationstechnologie
Ulmenstraße 45
44534 Lünen
Fon: +49 2306 910 658
Fax: +48 2306 910 664
URL: www.rocon-it.de
simon ben
I really apprecite your quick reply.
by the way I did add the
-------------------------------
[root@kmshare samba]# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "access based share enum"
Ignoring unknown parameter "access based share enum"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[kmplan]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
passdb backend = tdbsam
disable spoolss = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[kmplan]
valid users = @localgrp
write list = @localgrp
read only = No
hide unreadable = Yes
hide unwriteable files = Yes
------------------------------------
the directory /opt/network/testplan is sahred as kmplan and localgrp has 2 valid users
user1 and user2
so if I log in as user1 or user2 kmplan share can be accessed perfectly
i have a third user user3 and he not belong the localgrp .
also wanted to mentioned that I have used webmin to create local users and in
samba windows file sharing option of webmin==> user and group synchronisation ==> i am using yes for all. that is when a unix user is created automatically add a samba user likewise for groups.
apprecite your help and advise
regards
simon
--- On Wed, 10/10/12, Björn JACKE <b...@SerNet.DE> wrote:
Björn JACKE
> -------------------------------
> [root@kmshare samba]# testparm /etc/samba/smb.conf
> Load smb config files from /etc/samba/smb.conf
> Unknown parameter encountered: "access based share enum"
> Ignoring unknown parameter "access based share enum"
Samba 3.6 I think (maybe 3.5 already). On http://www.enterprisesamba.org you
might find recent packages for your distribution that support that feature.
Cheers
Björn
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
☎ +49-551-370000-0, ℻ +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
simon ben
Indeed so grateful for your quick reply
I was indeed using earlier samba
actually I just installed it using yum.
now I did upgrade samba to recent one
samba 3.6.8 and after running the testparm command displayed no errors
but still I was not able to achieve my goal
as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file
hide unreadable = Yes
hide unwriteable files = Yes
Is there anything I could look into
as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups
here below my smb.conf
----
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
disable spoolss = Yes
domain master = No
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[kmplan]
comment = masterplan testing directory
path = /opt/network/testplan
valid users = @localgrp
write list = @localgrp
read only = No
hide unreadable = Yes
hide unwriteable files = Yes
access based share enum = Yes
also here below are the permissions of /opt/network/testplan directory
drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan
Actually every things works fine what I mean is
if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect
but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it.
as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users
regards
simon
--- On Thu, 10/11/12, Björn JACKE <b...@SerNet.DE> wrote:
From: Björn JACKE <b...@SerNet.DE>
Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA
To: "simon ben" <guy2...@yahoo.com>
Cc: sa...@lists.samba.org
simon ben
Dear All,
As I have a issue to display only those shares the users have access too..
i am really trying to find a solution and came across a post
http://serverfault.com/questions/144339/hiding-samba-share-from-browse-list-for-unauthorised-users
its about the include statement
this would exactly achieve my purpose but when I did that as I could put
browseable = no in my kmplan section of my smb.conf file
and
browseable = yes in the include file
testparm says
Can't find include file /etc/samba/%G.conf
i did try with other variables like u or U but its the same
Appreciate your help
regards
simon
--- On Thu, 10/11/12, simon ben <guy2...@yahoo.com> wrote:
simon ben
For the issue i am having to display shares only to
users having access i did come across a article but just
wondering what exactly it means
------------
access based share enum (S)
If this parameter is yes for a service, then the share hosted by the
service will only be visible to users who have read or write access to
the share during share enumeration (for example net view \\sambaserver).
This has parallels to access based enumeration, the main difference
being that only share permissions are evaluated, and security
descriptors on files contained on the share are not used in computing
enumeration access rights.
Default: access based share enum = no
------------
I apprecite if someone could clarify it with example
---------
my smb.conf is
---------------
....
....
[kmplan]
comment = masterplan testing directory
path = /opt/network/testplan
valid users = @localgrp
write list = @localgrp
read only = No
hide unreadable = Yes
hide unwriteable files = Yes
access based share enum = Yes
------------
want only the users of localgrp to see the share and no others
appreciate your kind help
regards
simon