Restricting browsing by share w/security=domain
balamw at att.net
balamw at att.net
Thu Mar 9 01:57:18 GMT 2000
Hi all,
It's been a long time since I've had to post to the list
(or eve read it) since Samba just plain works! I'm
currently using 2.0.5a on a Sun Sparc10 running RedHat
Linux 6.0 authenticating users off of our local NT P/BDC
and have noticed something I had never noticed before:
Shares which are restricted only to a select group
(using valid users) are showing up in other users browse
lists (Network Neighborhood or smbclient -L) even though
they have absolutely no rights to the directory. I
realize this is also how NT works, but samba is usually
not bound by such things. ;-)
Here are the relevant sections of smb.conf
[global]
workgroup = STGROUP
server string = Samba Server
security = DOMAIN
encrypt passwords = Yes
password server = NT_STGROUP
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
dns proxy = No
[private]
comment = Private area
path = /mnt/local/private
valid users = balamw fredf
public = no
I also have a couple of other unrestricted public shares
that work fine. I'd like private only to be browsable by
myself and fredf, and I don't want other users to even
be aware of its existence. However, if I set "browseable
= no" I can't even see it, even though I can still
explicitly map to it.
Thus, in a sense I'd like it to behave like [homes]
where only I can see my home directory. I seem to recall
that at one point it did work that way although I'm not
sure if I was using "security=shares"
or "security=server" at the time.
I don't know if this behavior is related to "security =
domain", or if it might be related to the fact that most
domain users do not have accounts on the unix box and
thus get mapped to nobody.
Is there any way to achieve what I am trying to do?
Thanks,
Balam
More information about the samba
mailing list