[Samba] restrict shares listings in domain to authenticated users

Thu Mar 6 22:40:02 GMT 2003

I'm setting up a samba primary domain controller in Debian woody and the
users are logging into the domain fine and can access their shares. I
would like to restrict the listings of available shares to only
authenticated users of the samba domain. I know this works in a win NT4
domain, how does one do it with samba?

This is the listing I get from an nt4 pdc (belongs to a different domain
than this system 'WS-072') without supplying a username or password...

root at WS-072:/etc/samba# smbclient -L //nt4pdc
added interface ip=192.168.2.45 bcast=192.168.2.255 nmask=255.255.255.0
Got a positive name query response from 192.168.2.5 ( 192.168.2.5 )
Password:
Anonymous login successful
Domain=[HMS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]

Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
<snip>

If I do supply a username (with the -U option) and the proper password, I
do get a listing of the available shares.

Now if I try the same listing without a username or password on the samba
primary domain controller of the workgroup this system belongs too... I
should get the same "NT_STATUS_ACCESS_DENIED" for guest user share
listings, but I don't - it shows all of them.

root at WS-072:/etc/samba# smbclient -L //debianpdc
added interface ip=192.168.2.45 bcast=192.168.2.255 nmask=255.255.255.0
Password:
Anonymous login successful
Domain=[LINUXTEST] OS=[Unix] Server=[Samba 2.2.3a-12 for Debian]

Sharename Type Comment
--------- ---- -------
tmp Disk temporary files
IPC$ IPC IPC Service (debianpdc server (Samba 2.2.3a-12 for Debian))
ADMIN$ Disk IPC Service (debianpdc server (Samba 2.2.3a-12 for Debian))

thoughts, suggestions, and of course solutions greatly appreciated. thanks.