[Samba] Mapping / UNC question
Kerns, Mike
mike.kerns at boeing.com
Thu Feb 14 10:22:08 GMT 2002
Hiya!
The more I read both yours and Antony's the more this approach is making
sense. I'll take this forward and see what we can do.
Thanks to all,
Mike
> ----------
> From: Jason Barker[SMTP:jbarker at edulog.com]
> Sent: Wednesday, February 13, 2002 4:12 PM
> To: Kerns, Mike; 'samba at lists.samba.org'
> Subject: RE: [Samba] Mapping / UNC question
>
> Hello again Mike.
>
> As Antony Healey suggested:
> "In addition to making it non-browseable, you could set up a user/pass
> solution between the VB scripts and the PDC.
>
> This way, the only way they could get in is firstly if they know the full
> path, and secondly, if they know the user/pass combo.
>
> Regards,
> Antony."
>
> In that case, I supposed you could use:
> [service]
> public = no
> valid users = VBAppUser
> writeable = yes
> browseable = no
> other options...
>
> VBAppUser would be a username on the server machine that was created for
> the
> Visual Basic application to use (and would of course have a password set).
> Of course, the VB application would have to contain the VBAppUser username
> and password in the code (or get it from some config file) and be able to
> use them when connecting to the share.
> This way, no one can see the share in the browse list, and if they do know
> of it's existance, they still need to be able to authenticate to it as the
> VBAppUser.
>
> You could also use the "hosts allow = ..." option in the service
> definition,
> and use it to restrict access to the share from only certain machines.
> Using
> "hosts allow" by itself would let only the machine(s) running the
> application have access to the share (and anyone using that/those
> machine(s)). Or, by using it with the options above, access would be
> restricted to only that/those machine(s) and only to the VBApplication or
> someone who knew the login and password for VBAppUser account.
>
> I think that creating a VBAppUser account, restricting access to the
> share,
> and setting up the VB app to connect using that account is probably the
> better way.
>
> Hope that helps, it's the best I can come up with!
>
>
> -Jason
>
> -----Original Message-----
> From: Kerns, Mike [mailto:mike.kerns at boeing.com]
> Sent: Wednesday, February 13, 2002 3:52 PM
> To: 'samba at lists.samba.org'; 'Jason Barker'
> Subject: RE: [Samba] Mapping / UNC question
>
>
> Hiya, Jason!
>
> Right, we've got that "browseable = no" line in our share stanza of
> smb.conf. I guess I didn't explain myself thoroughly.
>
> The problem arises when certain folks who understand the
> "\\host.domain\share" syntax know they can get there that way and map the
> drive. Any way to stop that and still allow UNCs to work?
>
> Thanks,
>
> Mike
>
> > ----------
> > From: Jason Barker[SMTP:jbarker at edulog.com]
> > Sent: Wednesday, February 13, 2002 2:44 PM
> > To: Kerns, Mike; 'samba at lists.samba.org'
> > Subject: RE: [Samba] Mapping / UNC question
> >
> > As far as I know, if you set "browseable = no" in the service entry for
> > the
> > share, the share will not appear in Windows Explorer/Network
> Neighborhood.
> > In that case, the only way a user could map a drive is if they had
> > knowledge
> > of the share's existance and it's full name. Otherwise, the user would
> > never
> > see it.
> >
> > Definition of "browseable" from smb.conf html man page:
> > browseable(S)
> > This controls whether this share is seen in the list of available
> > shares in a net view and in the browse list.
> > Default: browseable = yes
> >
> >
> > -----Original Message-----
> > From: Kerns, Mike [mailto:mike.kerns at boeing.com]
> > Sent: Wednesday, February 13, 2002 1:51 PM
> > To: 'samba at lists.samba.org'
> > Subject: [Samba] Mapping / UNC question
> >
> >
> > Hiya!
> >
> > I have a developer that would like to be able to have access to a share
> on
> > a
> > UNIX server running Samba where he can use UNCs embedded in VB code on a
> > win2k client to access files on the share. No problem, easily done.
> >
> > He also wants users to _NOT_ be able to use the Windows Explorer to map
> > the
> > drive and gain access that way. He wants only for his embedded UNCs to
> > access the share.
> >
> > If you cut off one you cut off both, don't you? Has anyone done
> anything
> > like this? I've been through the man pages and the
> > Eckstein/Collier-Brown/Kelly O'Reilly book to no avail.
> >
> > TIA,
> >
> > Mike
> >
> > "Consensus is the negation of leadership"
> > --Margaret Thatcher
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list