How to hide shares for users that have no rights
Bruce
bruce at toorak.com
Thu Oct 26 06:39:36 GMT 2000
Hi there,
I think we came across the same thing but I didn't know about the
restrict anonymous option.
For us, we configured %u (lowercase) for our Win98/ME users and for
the very few Windows NT users (all servers) fixed IP adresses (%I)
ie
include /.../%u for the user names and
include /.../%I/sharename/fred or whatever username
This restricts access to a specific user on a specific WinNT IP address
while allowing them to access everything normally
from other Win98 systems under their same users code %u or fred!!
That way we catered for BOTH winNT/Win2000Server and Win98/ME users
in a strictly controlled way. No borrowing of usernames possible on the NT
servers.
Must try restrict anonymous...
Regards,
Bruce.
>Hi
>
>> > Consider using something like
>> >
>> > include = /path/smb.conf.%U
>> > include = /path/smb.conf.%G
>> >
>> > and in /path/smb.conf.UserA put shares for UserA only
>> > ...
>> > and in /path/smb.conf.GroupA put shares for GroupA only
>> > ...
>
>
>> I am not sure that will work. At the time the config file is read those
>two meta
>> vars are not set. I may be wrong but that is what I understood.
>
>
>Actually %U works and we use it here all the time. (note that this is the
>uppercase %U, not the lowercase one).
>
>There is however a problem with NT based clients because they tend to
>request the list of shares without authenticating themselves. The fix if you
>have NT machines it to use the "restrict anonymous" option in your smb.conf
>file. However you will break the Win9x clients because of the way they send
>the authentication info... Basically if you have a mixed environment (9x/NT)
>you are out of luck.
>
>I have writen a patch to samba that partly solves that issue by adding more
>options for the "restrict anonymous" option. With this patch, you can set it
>to:
>- no (the default)
>- all / yes (same as today)
>- NT (only NT workstations are required to authenticate themselves)
>
>
>The patch is against samba 2.0.7
>
>Good luck.
>
>Patrick.
>
>Content-Type: application/octet-stream;
> name="restrict.patch"
>Content-Disposition: attachment;
> filename="restrict.patch"
>
>Attachment converted: Tuscan Adventure:restrict.patch (????/----) (000D4C1E)
More information about the samba
mailing list