How to hide shares for users that have no rights
bruce at toorak.com
Thu Oct 26 06:39:36 GMT 2000
I think we came across the same thing but I didn't know about the
restrict anonymous option.
For us, we configured %u (lowercase) for our Win98/ME users and for
the very few Windows NT users (all servers) fixed IP adresses (%I)
include /.../%u for the user names and
include /.../%I/sharename/fred or whatever username
This restricts access to a specific user on a specific WinNT IP address
while allowing them to access everything normally
from other Win98 systems under their same users code %u or fred!!
That way we catered for BOTH winNT/Win2000Server and Win98/ME users
in a strictly controlled way. No borrowing of usernames possible on the NT
Must try restrict anonymous...
>> > Consider using something like
>> > include = /path/smb.conf.%U
>> > include = /path/smb.conf.%G
>> > and in /path/smb.conf.UserA put shares for UserA only
>> > ...
>> > and in /path/smb.conf.GroupA put shares for GroupA only
>> > ...
>> I am not sure that will work. At the time the config file is read those
>> vars are not set. I may be wrong but that is what I understood.
>Actually %U works and we use it here all the time. (note that this is the
>uppercase %U, not the lowercase one).
>There is however a problem with NT based clients because they tend to
>request the list of shares without authenticating themselves. The fix if you
>have NT machines it to use the "restrict anonymous" option in your smb.conf
>file. However you will break the Win9x clients because of the way they send
>the authentication info... Basically if you have a mixed environment (9x/NT)
>you are out of luck.
>I have writen a patch to samba that partly solves that issue by adding more
>options for the "restrict anonymous" option. With this patch, you can set it
>- no (the default)
>- all / yes (same as today)
>- NT (only NT workstations are required to authenticate themselves)
>The patch is against samba 2.0.7
>Attachment converted: Tuscan Adventure:restrict.patch (????/----) (000D4C1E)
More information about the samba