[Samba] Mapping / UNC question

Jason Barker jbarker at edulog.com
Wed Feb 13 16:14:33 GMT 2002


Hello again Mike.

As Antony Healey suggested:
"In addition to making it non-browseable, you could set up a user/pass
solution between the VB scripts and the PDC.

This way, the only way they could get in is firstly if they know the full
path, and secondly, if they know the user/pass combo.

Regards,
Antony."

In that case, I suppose you could use:
[service]
	public = no
	valid users = VBAppUser
	writeable = yes
	browseable = no
	; other options...

VBAppUser would be a username on the server machine that was created for the
Visual Basic application to use (and would of course have a password set).
Of course, the VB application would have to contain the VBAppUser username
and password in the code (or get it from some config file) and be able to
use them when connecting to the share.
This way, no one can see the share in the browse list, and if they do know
of its existence, they still need to be able to authenticate to it as the
VBAppUser.

You could also use the "hosts allow = ..." option in the service definition,
and use it to restrict access to the share from only certain machines. Using
"hosts allow" by itself would let only the machine(s) running the
application have access to the share (and anyone using that/those
machine(s)). Or, by using it with the options above, access would be
restricted to only that/those machine(s) and only to the VBApplication or
someone who knew the login and password for VBAppUser account.

I think that creating a VBAppUser account, restricting access to the share,
and setting up the VB app to connect using that account is probably the
better way.

Hope that helps, it's the best I can come up with!


-Jason

-----Original Message-----
From: Kerns, Mike [mailto:mike.kerns at boeing.com]
Sent: Wednesday, February 13, 2002 3:52 PM
To: 'samba at lists.samba.org'; 'Jason Barker'
Subject: RE: [Samba] Mapping / UNC question


Hiya, Jason!

Right, we've got that "browseable = no" line in our share stanza of
smb.conf.  I guess I didn't explain myself thoroughly.

The problem arises when certain folks who understand the
"\\host.domain\share" syntax know they can get there that way and map the
drive.  Any way to stop that and still allow UNCs to work?

Thanks,

Mike

> ----------
> From: 	Jason Barker[SMTP:jbarker at edulog.com]
> Sent: 	Wednesday, February 13, 2002 2:44 PM
> To: 	Kerns, Mike; 'samba at lists.samba.org'
> Subject: 	RE: [Samba] Mapping / UNC question
> 
> As far as I know, if you set "browseable = no" in the service entry for the
> share, the share will not appear in Windows Explorer/Network Neighborhood.
> In that case, the only way a user could map a drive is if they had knowledge
> of the share's existence and its full name. Otherwise, the user would never
> see it.
> 
> Definition of "browseable" from smb.conf html man page:
> browseable(S)
> 	This controls whether this share is seen in the list of available
> 	shares in a net view and in the browse list.
> Default: browseable = yes
> 
> 
> -----Original Message-----
> From: Kerns, Mike [mailto:mike.kerns at boeing.com]
> Sent: Wednesday, February 13, 2002 1:51 PM
> To: 'samba at lists.samba.org'
> Subject: [Samba] Mapping / UNC question
> 
> 
> Hiya!
> 
> I have a developer that would like to be able to have access to a share on a
> UNIX server running Samba where he can use UNCs embedded in VB code on a
> win2k client to access files on the share.  No problem, easily done.
> 
> He also wants users to _NOT_ be able to use the Windows Explorer to map the
> drive and gain access that way.  He wants only for his embedded UNCs to
> access the share.
> 
> If you cut off one you cut off both, don't you?  Has anyone done anything
> like this?  I've been through the man pages and the
> Eckstein/Collier-Brown/Kelly O'Reilly book to no avail.
> 
> TIA,
> 
> Mike
> 
> "Consensus is the negation of leadership"
>                               --Margaret Thatcher
> 
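
Added example, not part of the original messages or of Samba itself: a small Python check that flags share stanzas relying on "browseable = no" alone, next to the restricted stanza suggested in the thread. The share names and the address are constructed, and the parser is a simplification that ignores [global] defaults and include files.

```python
import re

# Samba parameter synonyms folded to one canonical name.
SYNONYMS = {"public": "guest ok", "browsable": "browseable",
            "allow hosts": "hosts allow"}
TRUE = {"yes", "true", "1"}

# Constructed sample: a hidden-only share and the restricted form.
SAMPLE = """
[vbdata_hidden]
    browseable = no
[vbdata_locked]
    public = no
    valid users = VBAppUser
    hosts allow = 192.0.2.10
    browseable = no
"""

def parse_shares(text):
    """Parse smb.conf-style text into {section: {param: value}}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = shares.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            current[SYNONYMS.get(key, key)] = value.strip()
    return shares

def audit(text):
    """Return {share: [findings]}; an empty list means no finding."""
    report = {}
    for name, p in parse_shares(text).items():
        if name == "global":
            continue
        users, hosts = p.get("valid users"), p.get("hosts allow")
        hidden = p.get("browseable", "yes").lower() not in TRUE
        findings = []
        if p.get("guest ok", "no").lower() in TRUE:
            findings.append("guest access allowed")
        if not users:
            findings.append("no valid users restriction")
        if hidden and not users and not hosts:
            findings.append("hidden only: open to anyone who knows the UNC path")
        report[name] = findings
    return report
```

Calling audit(SAMPLE) returns an empty list for the restricted stanza and two findings for the hidden-only one.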



