[Samba] Mapping / UNC question

Kerns, Mike mike.kerns at boeing.com
Thu Feb 14 10:22:08 GMT 2002 

Hiya!

The more I read both yours and Antony's the more this approach is making
sense.  I'll take this forward and see what we can do.

Thanks to all,

Mike

> ----------
> From: 	Jason Barker[SMTP:jbarker at edulog.com]
> Sent: 	Wednesday, February 13, 2002 4:12 PM
> To: 	Kerns, Mike; 'samba at lists.samba.org'
> Subject: 	RE: [Samba] Mapping / UNC question
> 
> Hello again Mike.
> 
> As Antony Healey suggested:
> "In addition to making it non-browseable, you could set up a user/pass
> solution between the VB scripts and the PDC.
> 
> This way, the only way they could get in is firstly if they know the full
> path, and secondly, if they know the user/pass combo.
> 
> Regards,
> Antony."
> 
> In that case, I supposed you could use:
> [service]
> 	public = no
> 	valid users = VBAppUser
> 	writeable = yes
> 	browseable = no
> 	other options...
> 
> VBAppUser would be a username on the server machine that was created for
> the
> Visual Basic application to use (and would of course have a password set).
> Of course, the VB application would have to contain the VBAppUser username
> and password in the code (or get it from some config file) and be able to
> use them when connecting to the share.
> This way, no one can see the share in the browse list, and if they do know
> of it's existance, they still need to be able to authenticate to it as the
> VBAppUser.
> 
> You could also use the "hosts allow = ..." option in the service
> definition,
> and use it to restrict access to the share from only certain machines.
> Using
> "hosts allow" by itself would let only the machine(s) running the
> application have access to the share (and anyone using that/those
> machine(s)). Or, by using it with the options above, access would be
> restricted to only that/those machine(s) and only to the VBApplication or
> someone who knew the login and password for VBAppUser account.
> 
> I think that creating a VBAppUser account, restricting access to the
> share,
> and setting up the VB app to connect using that account is probably the
> better way.
> 
> Hope that helps, it's the best I can come up with!
> 
> 
> -Jason
> 
> -----Original Message-----
> From: Kerns, Mike [mailto:mike.kerns at boeing.com]
> Sent: Wednesday, February 13, 2002 3:52 PM
> To: 'samba at lists.samba.org'; 'Jason Barker'
> Subject: RE: [Samba] Mapping / UNC question
> 
> 
> Hiya, Jason!
> 
> Right, we've got that "browseable = no" line in our share stanza of
> smb.conf.  I guess I didn't explain myself thoroughly.
> 
> The problem arises when certain folks who understand the
> "\\host.domain\share" syntax know they can get there that way and map the
> drive.  Any way to stop that and still allow UNCs to work?
> 
> Thanks,
> 
> Mike
> 
> > ----------
> > From: 	Jason Barker[SMTP:jbarker at edulog.com]
> > Sent: 	Wednesday, February 13, 2002 2:44 PM
> > To: 	Kerns, Mike; 'samba at lists.samba.org'
> > Subject: 	RE: [Samba] Mapping / UNC question
> > 
> > As far as I know, if you set "browseable = no" in the service entry for
> > the
> > share, the share will not appear in Windows Explorer/Network
> Neighborhood.
> > In that case, the only way a user could map a drive is if they had
> > knowledge
> > of the share's existance and it's full name. Otherwise, the user would
> > never
> > see it.
> > 
> > Definition of "browseable" from smb.conf html man page:
> > browseable(S)
> > 	This controls whether this share is seen in the list of available
> > 	shares in a net view and in the browse list.
> > Default: browseable = yes
> > 
> > 
> > -----Original Message-----
> > From: Kerns, Mike [mailto:mike.kerns at boeing.com]
> > Sent: Wednesday, February 13, 2002 1:51 PM
> > To: 'samba at lists.samba.org'
> > Subject: [Samba] Mapping / UNC question
> > 
> > 
> > Hiya!
> > 
> > I have a developer that would like to be able to have access to a share
> on
> > a
> > UNIX server running Samba where he can use UNCs embedded in VB code on a
> > win2k client to access files on the share.  No problem, easily done.
> > 
> > He also wants users to _NOT_ be able to use the Windows Explorer to map
> > the
> > drive and gain access that way.  He wants only for his embedded UNCs to
> > access the share.
> > 
> > If you cut off one you cut off both, don't you?  Has anyone done
> anything
> > like this?  I've been through the man pages and the
> > Eckstein/Collier-Brown/Kelly O'Reilly book to no avail.
> > 
> > TIA,
> > 
> > Mike
> > 
> > "Consensus is the negation of leadership"
> >                               --Margaret Thatcher
> > 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list