Hi all,
It's been a long time since I've had to post to the list
(or even read it) since Samba just plain works! I'm
currently using 2.0.5a on a Sun Sparc10 running RedHat
Linux 6.0 authenticating users off of our local NT P/BDC
and have noticed something I had never noticed before:
Shares which are restricted only to a select group
(using valid users) are showing up in other users browse
lists (Network Neighborhood or smbclient -L) even though
they have absolutely no rights to the directory. I
realize this is also how NT works, but samba is usually
not bound by such things. ;-)
Here are the relevant sections of smb.conf:

[global]
    workgroup = STGROUP
    server string = Samba Server
    security = DOMAIN
    encrypt passwords = Yes
    password server = NT_STGROUP
    log file = /var/log/samba/log.%m
    max log size = 50
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No

[private]
    comment = Private area
    path = /mnt/local/private
    valid users = balamw fredf
    public = no

I also have a couple of other unrestricted public shares
that work fine. I'd like private only to be browsable by
myself and fredf, and I don't want other users to even
be aware of its existence. However, if I set "browseable
= no" I can't even see it, even though I can still
explicitly map to it.
Thus, in a sense I'd like it to behave like [homes]
where only I can see my home directory. I seem to recall
that at one point it did work that way although I'm not
sure if I was using "security=shares"
or "security=server" at the time.
I don't know if this behavior is related to "security =
domain", or if it might be related to the fact that most
domain users do not have accounts on the unix box and
thus get mapped to nobody.
Is there any way to achieve what I am trying to do?
Thanks,
Balam
Hi, I would like to know if it is possible... I have a machine that has multiple IPs. I would like to operate 2 smb servers: one with an IP, for example, eth0:3, as a printer samba server, and another one, eth0:9, as a file server. Is it possible, and how? 2nd, if I enable domain support, will w2k users be able to use the smb server as a pdc? Thanks. ayu
balamw@att.net wrote:
>
> Shares which are restricted only to a select group
> (using valid users) are showing up in other users browse
> lists (Network Neighborhood or smbclient -L) even though
> they have absolutely no rights to the directory. I
> realize this is also how NT works, but samba is usually
> not bound by such things. ;-)
>
> Thus, in a sense I'd like it to behave like [homes]
> where only I can see my home directory. I seem to recall
> that at one point it did work that way although I'm not
> sure if I was using "security=shares"
> or "security=server" at the time.

You can use the include parameter to insert share definitions based upon criteria such as username or primary group name. This would be the easiest solution I think.

Cheers, jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services
Auburn University
jerry@eng.auburn.edu
http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
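
The include approach suggested in the reply above, sketched as an added example that is not part of the original thread or anyone's posted configuration. The /etc/samba directory, the smb.conf.<username> file names and the [public] share are assumptions; %U is Samba's substitution for the session username.

```ini
# /etc/samba/smb.conf  (main file; path is an assumption)
[global]
    workgroup = STGROUP
    security = DOMAIN
    encrypt passwords = Yes
    password server = NT_STGROUP

# Placeholder for the unrestricted shares mentioned in the question.
[public]
    comment = Public area
    path = /mnt/local/public

# [private] is deliberately NOT defined in the main file, so it does
# not appear in the share list of users who have no per-user file.
# %U expands to the session username, so a connection from balamw
# pulls in /etc/samba/smb.conf.balamw at this point in the file.
include = /etc/samba/smb.conf.%U

# ---------------------------------------------------------------
# /etc/samba/smb.conf.balamw  (an identical copy is saved as
# /etc/samba/smb.conf.fredf; both file names are assumptions)
# ---------------------------------------------------------------
[private]
    comment = Private area
    path = /mnt/local/private
    # Keep the restriction here: leaving a share out of the browse
    # list hides it but is not access control by itself.
    valid users = balamw fredf
    public = no
```

Because the share definition exists only in the per-user files, `valid users` remains the control that decides who can connect, while the include decides who sees the share listed.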