Good morning. I am working as system administrator in a LAN with 300 Win9X
clients and I am trying to install a production SAMBA server. I am using
samba 2.0.7 on RedHat Linux 6.2 and Domain security.
I am trying to solve a problem.
*) I have created, for example, 10 shares and I can access only 4 of them
(I have rights to read or write only for 4 shares).
Well, is it possible to hide to my browsing the 6 shares that I can not
access. I need to obtain an effect like the one I have for the Home share.
Each user can only see its own home directory and not the home directories
of the other users. I am trying to understand if I can obtain the same
effect for the other shares.
Thank you very much,
Lorenzo Corradini.
___________________________________________________
Se vuoi un indirizzo di posta elettronica gratuito,
iscriviti a http://www.katamail.com
On 25 Oct 2000 12:53:17 +0000, you wrote:> *) I have created, for example, 10 shares and I can access only 4 of them > (I have rights to read or write only for 4 shares). > Well, is it possible to hide to my browsing the 6 shares that I can not > access. I need to obtain an effect like the one I have for the Home share. > Each user can only see its own home directory and not the home directoriesConsider using something like include = /path/smb.conf.%U include = /path/smb.conf.%G and in /path/smb.conf.UserA put shares for UserA only ... and in /path/smb.conf.GroupA put shares for GroupA only ... -- giulioo@pobox.com
Hello,
I do this by not making any shares in my smb.conf file but adding a line like
the
following in there
include = /path/to/name dependant/shares/smb.conf.%m
the %m is the netbios name of the machine trying to connect.
I have a file for each of my machines, I don't have 300 only about 25 so
this is
managable.
In each of those files I have lines that include shares
include = /path/to/share/conf files/smb.conf.sales
now in each of those files I have the share info.
This works for me because each user is generally at one machine, no moving
around. This is not user dependant but machine dependant. I also put in each
share declaration valid users so if someone does go to another machine and sees
a
share they don't have access to they still can't get in.
There is probably a better way but this seems to work.
Glenn
Lorenzo Corradini wrote:
> Good morning. I am working as system administrator in a LAN with 300 Win9X
> clients and I am trying to install a production SAMBA server. I am using
> samba 2.0.7 on RedHat Linux 6.2 and Domain security.
> I am trying to solve a problem.
>
> *) I have created, for example, 10 shares and I can access only 4 of them
> (I have rights to read or write only for 4 shares).
> Well, is it possible to hide to my browsing the 6 shares that I can not
> access. I need to obtain an effect like the one I have for the Home
share.
> Each user can only see its own home directory and not the home
directories
> of the other users. I am trying to understand if I can obtain the same
> effect for the other shares.
>
> Thank you very much,
> Lorenzo Corradini.
>
> ___________________________________________________
> Se vuoi un indirizzo di posta elettronica gratuito,
> iscriviti a http://www.katamail.com
--
Glenn MacGregor
Director of Services
Oracom, Inc.
http://www.oracom.com
Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716
I am not sure that will work. At the time the config file is read those two
meta
vars are not set. I may be wrong but that is what I understood.
Glenn
Giulio Orsero wrote:
> On 25 Oct 2000 12:53:17 +0000, you wrote:
>
> > *) I have created, for example, 10 shares and I can access only 4 of
them
> > (I have rights to read or write only for 4 shares).
> > Well, is it possible to hide to my browsing the 6 shares that I can
not
> > access. I need to obtain an effect like the one I have for the Home
share.
> > Each user can only see its own home directory and not the home
directories
>
> Consider using something like
>
> include = /path/smb.conf.%U
> include = /path/smb.conf.%G
>
> and in /path/smb.conf.UserA put shares for UserA only
> ...
> and in /path/smb.conf.GroupA put shares for GroupA only
> ...
>
> --
> giulioo@pobox.com
--
Glenn MacGregor
Director of Services
Oracom, Inc.
http://www.oracom.com
Tel. +1 978.557.5710 Ext. 302
Fax +1 978.557.5716
Opps sorry that last message should read ... returned by both 98/ME and W2000Server in such a way that includes's CAN'T receive it. ... Be very careful here. We found that the various variable are returned by the different versions of windoze at different times. For example Windows 98/2E and Windows ME (effectively the same) returned the %u (lowercase) regularly while Windows 2000 Server DOESSN'T... Likewise, %U is not returned by both 98/ME and W2000Server in such a way that includes's can receive it. Don't rely on WindowsME to get things right either... If you rely on Machine type (%a) WindozeME returns Win95!!! (this may be a samba(2.07)) excuse but still. Easy way to check your system [home] ; comment Home directory for %u comment (a)%a (u)%u (U)%U (m)%M (I)%I ... works really well. Look for the "detail" in the share listings. Bruce
Hi> > Consider using something like > > > > include = /path/smb.conf.%U > > include = /path/smb.conf.%G > > > > and in /path/smb.conf.UserA put shares for UserA only > > ... > > and in /path/smb.conf.GroupA put shares for GroupA only > > ...> I am not sure that will work. At the time the config file is read thosetwo meta> vars are not set. I may be wrong but that is what I understood.Actually %U works and we use it here all the time. (note that this is the uppercase %U, not the lowercase one). There is however a problem with NT based clients because they tend to request the list of shares without authenticating themselves. The fix if you have NT machines it to use the "restrict anonymous" option in your smb.conf file. However you will break the Win9x clients because of the way they send the authentication info... Basically if you have a mixed environment (9x/NT) you are out of luck. I have writen a patch to samba that partly solves that issue by adding more options for the "restrict anonymous" option. With this patch, you can set it to: - no (the default) - all / yes (same as today) - NT (only NT workstations are required to authenticate themselves) The patch is against samba 2.0.7 Good luck. Patrick. -------------- next part -------------- A non-text attachment was scrubbed... Name: restrict.patch Type: application/octet-stream Size: 5787 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20001026/5a77d901/restrict.obj