Hiya!
I have a developer that would like to be able to have access to a share on a
UNIX server running Samba where he can use UNCs embedded in VB code on a
win2k client to access files on the share. No problem, easily done.
He also wants users to _NOT_ be able to use the Windows Explorer to map the
drive and gain access that way. He wants only for his embedded UNCs to
access the share.
If you cut off one you cut off both, don't you? Has anyone done anything
like this? I've been through the man pages and the
Eckstein/Collier-Brown/Kelly O'Reilly book to no avail.
TIA,
Mike
"Consensus is the negation of leadership"
--Margaret Thatcher
As far as I know, if you set "browseable = no" in the service entry
for the
share, the share will not appear in Windows Explorer/Network Neighborhood.
In that case, the only way a user could map a drive is if they had knowledge
of the share's existance and it's full name. Otherwise, the user would
never
see it.
Definition of "browseable" from smb.conf html man page:
browseable(S)
This controls whether this share is seen in the list of available
shares in a net view and in the browse list.
Default: browseable = yes
-----Original Message-----
From: Kerns, Mike [mailto:mike.kerns@boeing.com]
Sent: Wednesday, February 13, 2002 1:51 PM
To: 'samba@lists.samba.org'
Subject: [Samba] Mapping / UNC question
Hiya!
I have a developer that would like to be able to have access to a share on a
UNIX server running Samba where he can use UNCs embedded in VB code on a
win2k client to access files on the share. No problem, easily done.
He also wants users to _NOT_ be able to use the Windows Explorer to map the
drive and gain access that way. He wants only for his embedded UNCs to
access the share.
If you cut off one you cut off both, don't you? Has anyone done anything
like this? I've been through the man pages and the
Eckstein/Collier-Brown/Kelly O'Reilly book to no avail.
TIA,
Mike
"Consensus is the negation of leadership"
--Margaret Thatcher
Hiya, Jason! Right, we've got that "browseable = no" line in our share stanza of smb.conf. I guess I didn't explain myself thoroughly. The problem arises when certain folks who understand the "\\host.domain\share" syntax know they can get there that way and map the drive. Any way to stop that and still allow UNCs to work? Thanks, Mike> ---------- > From: Jason Barker[SMTP:jbarker@edulog.com] > Sent: Wednesday, February 13, 2002 2:44 PM > To: Kerns, Mike; 'samba@lists.samba.org' > Subject: RE: [Samba] Mapping / UNC question > > As far as I know, if you set "browseable = no" in the service entry for > the > share, the share will not appear in Windows Explorer/Network Neighborhood. > In that case, the only way a user could map a drive is if they had > knowledge > of the share's existance and it's full name. Otherwise, the user would > never > see it. > > Definition of "browseable" from smb.conf html man page: > browseable(S) > This controls whether this share is seen in the list of available > shares in a net view and in the browse list. > Default: browseable = yes > > > -----Original Message----- > From: Kerns, Mike [mailto:mike.kerns@boeing.com] > Sent: Wednesday, February 13, 2002 1:51 PM > To: 'samba@lists.samba.org' > Subject: [Samba] Mapping / UNC question > > > Hiya! > > I have a developer that would like to be able to have access to a share on > a > UNIX server running Samba where he can use UNCs embedded in VB code on a > win2k client to access files on the share. No problem, easily done. > > He also wants users to _NOT_ be able to use the Windows Explorer to map > the > drive and gain access that way. He wants only for his embedded UNCs to > access the share. > > If you cut off one you cut off both, don't you? Has anyone done anything > like this? I've been through the man pages and the > Eckstein/Collier-Brown/Kelly O'Reilly book to no avail. > > TIA, > > Mike > > "Consensus is the negation of leadership" > --Margaret Thatcher >
Hello again Mike. As Antony Healey suggested: "In addition to making it non-browseable, you could set up a user/pass solution between the VB scripts and the PDC. This way, the only way they could get in is firstly if they know the full path, and secondly, if they know the user/pass combo. Regards, Antony." In that case, I supposed you could use: [service] public = no valid users = VBAppUser writeable = yes browseable = no other options... VBAppUser would be a username on the server machine that was created for the Visual Basic application to use (and would of course have a password set). Of course, the VB application would have to contain the VBAppUser username and password in the code (or get it from some config file) and be able to use them when connecting to the share. This way, no one can see the share in the browse list, and if they do know of it's existance, they still need to be able to authenticate to it as the VBAppUser. You could also use the "hosts allow = ..." option in the service definition, and use it to restrict access to the share from only certain machines. Using "hosts allow" by itself would let only the machine(s) running the application have access to the share (and anyone using that/those machine(s)). Or, by using it with the options above, access would be restricted to only that/those machine(s) and only to the VBApplication or someone who knew the login and password for VBAppUser account. I think that creating a VBAppUser account, restricting access to the share, and setting up the VB app to connect using that account is probably the better way. Hope that helps, it's the best I can come up with! -Jason -----Original Message----- From: Kerns, Mike [mailto:mike.kerns@boeing.com] Sent: Wednesday, February 13, 2002 3:52 PM To: 'samba@lists.samba.org'; 'Jason Barker' Subject: RE: [Samba] Mapping / UNC question Hiya, Jason! Right, we've got that "browseable = no" line in our share stanza of smb.conf. I guess I didn't explain myself thoroughly. The problem arises when certain folks who understand the "\\host.domain\share" syntax know they can get there that way and map the drive. Any way to stop that and still allow UNCs to work? Thanks, Mike> ---------- > From: Jason Barker[SMTP:jbarker@edulog.com] > Sent: Wednesday, February 13, 2002 2:44 PM > To: Kerns, Mike; 'samba@lists.samba.org' > Subject: RE: [Samba] Mapping / UNC question > > As far as I know, if you set "browseable = no" in the service entry for > the > share, the share will not appear in Windows Explorer/Network Neighborhood. > In that case, the only way a user could map a drive is if they had > knowledge > of the share's existance and it's full name. Otherwise, the user would > never > see it. > > Definition of "browseable" from smb.conf html man page: > browseable(S) > This controls whether this share is seen in the list of available > shares in a net view and in the browse list. > Default: browseable = yes > > > -----Original Message----- > From: Kerns, Mike [mailto:mike.kerns@boeing.com] > Sent: Wednesday, February 13, 2002 1:51 PM > To: 'samba@lists.samba.org' > Subject: [Samba] Mapping / UNC question > > > Hiya! > > I have a developer that would like to be able to have access to a share on > a > UNIX server running Samba where he can use UNCs embedded in VB code on a > win2k client to access files on the share. No problem, easily done. > > He also wants users to _NOT_ be able to use the Windows Explorer to map > the > drive and gain access that way. He wants only for his embedded UNCs to > access the share. > > If you cut off one you cut off both, don't you? Has anyone done anything > like this? I've been through the man pages and the > Eckstein/Collier-Brown/Kelly O'Reilly book to no avail. > > TIA, > > Mike > > "Consensus is the negation of leadership" > --Margaret Thatcher >
Hiya! The more I read both yours and Antony's the more this approach is making sense. I'll take this forward and see what we can do. Thanks to all, Mike> ---------- > From: Jason Barker[SMTP:jbarker@edulog.com] > Sent: Wednesday, February 13, 2002 4:12 PM > To: Kerns, Mike; 'samba@lists.samba.org' > Subject: RE: [Samba] Mapping / UNC question > > Hello again Mike. > > As Antony Healey suggested: > "In addition to making it non-browseable, you could set up a user/pass > solution between the VB scripts and the PDC. > > This way, the only way they could get in is firstly if they know the full > path, and secondly, if they know the user/pass combo. > > Regards, > Antony." > > In that case, I supposed you could use: > [service] > public = no > valid users = VBAppUser > writeable = yes > browseable = no > other options... > > VBAppUser would be a username on the server machine that was created for > the > Visual Basic application to use (and would of course have a password set). > Of course, the VB application would have to contain the VBAppUser username > and password in the code (or get it from some config file) and be able to > use them when connecting to the share. > This way, no one can see the share in the browse list, and if they do know > of it's existance, they still need to be able to authenticate to it as the > VBAppUser. > > You could also use the "hosts allow = ..." option in the service > definition, > and use it to restrict access to the share from only certain machines. > Using > "hosts allow" by itself would let only the machine(s) running the > application have access to the share (and anyone using that/those > machine(s)). Or, by using it with the options above, access would be > restricted to only that/those machine(s) and only to the VBApplication or > someone who knew the login and password for VBAppUser account. > > I think that creating a VBAppUser account, restricting access to the > share, > and setting up the VB app to connect using that account is probably the > better way. > > Hope that helps, it's the best I can come up with! > > > -Jason > > -----Original Message----- > From: Kerns, Mike [mailto:mike.kerns@boeing.com] > Sent: Wednesday, February 13, 2002 3:52 PM > To: 'samba@lists.samba.org'; 'Jason Barker' > Subject: RE: [Samba] Mapping / UNC question > > > Hiya, Jason! > > Right, we've got that "browseable = no" line in our share stanza of > smb.conf. I guess I didn't explain myself thoroughly. > > The problem arises when certain folks who understand the > "\\host.domain\share" syntax know they can get there that way and map the > drive. Any way to stop that and still allow UNCs to work? > > Thanks, > > Mike > > > ---------- > > From: Jason Barker[SMTP:jbarker@edulog.com] > > Sent: Wednesday, February 13, 2002 2:44 PM > > To: Kerns, Mike; 'samba@lists.samba.org' > > Subject: RE: [Samba] Mapping / UNC question > > > > As far as I know, if you set "browseable = no" in the service entry for > > the > > share, the share will not appear in Windows Explorer/Network > Neighborhood. > > In that case, the only way a user could map a drive is if they had > > knowledge > > of the share's existance and it's full name. Otherwise, the user would > > never > > see it. > > > > Definition of "browseable" from smb.conf html man page: > > browseable(S) > > This controls whether this share is seen in the list of available > > shares in a net view and in the browse list. > > Default: browseable = yes > > > > > > -----Original Message----- > > From: Kerns, Mike [mailto:mike.kerns@boeing.com] > > Sent: Wednesday, February 13, 2002 1:51 PM > > To: 'samba@lists.samba.org' > > Subject: [Samba] Mapping / UNC question > > > > > > Hiya! > > > > I have a developer that would like to be able to have access to a share > on > > a > > UNIX server running Samba where he can use UNCs embedded in VB code on a > > win2k client to access files on the share. No problem, easily done. > > > > He also wants users to _NOT_ be able to use the Windows Explorer to map > > the > > drive and gain access that way. He wants only for his embedded UNCs to > > access the share. > > > > If you cut off one you cut off both, don't you? Has anyone done > anything > > like this? I've been through the man pages and the > > Eckstein/Collier-Brown/Kelly O'Reilly book to no avail. > > > > TIA, > > > > Mike > > > > "Consensus is the negation of leadership" > > --Margaret Thatcher > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >