Christian Naumer
2024-Jul-29 12:38 UTC
[Samba] [SPAM] Re: share enumeration, samba-dcerpcd, variable %i
Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba:> user may be same, but from client ip1 this user can't see shares, which > can see from client ip2. > need share enumeration by client ipHave you checked if "hosts allow" in combination with "access based share enum" does what you want?
Zhuchenko Valery
2024-Jul-29 13:12 UTC
[Samba] [SPAM] Re: share enumeration, samba-dcerpcd, variable %i
from ip1=192.168.222.96 and ip2=192.168.22.96 user zvn2 receive test in list, hosts allow = 192.168.222.96 in config for share test and global access based share enum = Yes, but I need share test in list only from ip1=192.168.222.96 when ip1=192.168.222.96 $ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W . ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?test??????????? Disk????? test ?? ?IPC$??????????? IPC?????? IPC Service (test server) and when ip2=192.168.22.96 same result $ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W . ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?test??????????? Disk????? test ?? ?IPC$??????????? IPC?????? IPC Service (test server) # testparm -s Load smb config files from /etc/samba/smb.conf Loaded services file OK. Weak crypto is allowed Server role: ROLE_STANDALONE # Global parameters [global] ?? ?bind interfaces only = Yes ?? ?dns proxy = No ?? ?domain master = No ?? ?interfaces = 192.168.22.135/24 192.168.222.135/24 lo ?? ?log file = /var/log/samba/%m-%i-%R.log ?? ?logging = syslog file ?? ?logon home ?? ?logon path ?? ?max log size = 50 ?? ?passdb backend = smbpasswd ?? ?restrict anonymous = 2 ?? ?server signing = required ?? ?server string = test server ?? ?smb passwd file = /etc/samba/smbpasswd ?? ?workgroup = TEST ?? ?idmap config * : backend = tdb ?? ?access based share enum = Yes ?? ?cups options = raw ?? ?include = /etc/samba/shares.conf [test] ?? ?comment = test ?? ?hosts allow = 192.168.222.96 ?? ?path = /home/samba/test ?? ?read only = No ?? ?valid users = zvn2 # getfacl /home/samba/test getfacl: Removing leading '/' from absolute path names # file: home/samba/test # owner: root # group: root user::rwx user:zvn2:rwx group::r-x mask::rwx other::--- default:user::rwx default:user:zvn2:rwx default:group::r-x default:mask::rwx default:other::r-x 29.07.2024 16:38, Christian Naumer via samba ?????:> Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba: >> user may be same, but from client ip1 this user can't see shares, >> which can see from client ip2. >> need share enumeration by client ip > > Have you checked if "hosts allow" in combination with "access based > share enum" does what you want? > > >