How to hide shares for users that have no rights

Patrick Bihan-Faou patrick at
Thu Oct 26 04:12:45 GMT 2000


> > Consider using something like
> >
> > include = /path/smb.conf.%U
> > include = /path/smb.conf.%G
> >
> > and in /path/smb.conf.UserA put shares for UserA only
> > ...
> > and in /path/smb.conf.GroupA put shares for GroupA only
> > ...

> I am not sure that will work.  At the time the config file is read those
two meta
> vars are not set.  I may be wrong but that is what I understood.

Actually %U works and we use it here all the time. (note that this is the
uppercase %U, not the lowercase one).

There is however a problem with NT based clients because they tend to
request the list of shares without authenticating themselves. The fix if you
have NT machines it to use the "restrict anonymous" option in your smb.conf
file. However you will break the Win9x clients because of the way they send
the authentication info... Basically if you have a mixed environment (9x/NT)
you are out of luck.

I have writen a patch to samba that partly solves that issue by adding more
options for the "restrict anonymous" option. With this patch, you can set it
- no (the default)
- all / yes (same as today)
- NT (only NT workstations are required to authenticate themselves)

The patch is against samba 2.0.7

Good luck.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: restrict.patch
Type: application/octet-stream
Size: 5787 bytes
Desc: not available
Url :

More information about the samba mailing list