[Samba] restrict shares listings in domain to authenticated users

unolinuxguru unolinuxguru at olug.org
Fri Mar 7 03:56:18 GMT 2003


see below...

> On Thu, 6 Mar 2003, unolinuxguru wrote:
<snip>
I want to prevent anonymous/non-domain users from see the available drive
shares on my samba primary domain controller.  A Windows NT4 server on the
network provides this functionality (i.e. I can only see the share
listings if I provide username and password "smbclient -L //nt4pdc -U
username")

>> root at WS-072:/etc/samba# smbclient -L //debianpdc
>> added interface ip=192.168.2.45 bcast=192.168.2.255
>> nmask=255.255.255.0 Password:
>> Anonymous login successful
>> Domain=[LINUXTEST] OS=[Unix] Server=[Samba 2.2.3a-12 for Debian]
>>
>> Sharename Type Comment
>> --------- ---- -------
>> tmp Disk temporary files
>> IPC$ IPC IPC Service (debianpdc server (Samba 2.2.3a-12 for Debian))
>> ADMIN$ Disk IPC Service (debianpdc server (Samba 2.2.3a-12 for
>> Debian))
>>
>>
>> thoughts, suggestions, and of course solutions greatly appreciated.
>> thanks.
>
> If you want to prevent anonymous access to the IPC$ share then in your
> smb.conf [globals] put:
>
> 	restrict anonymous = Yes
>
> - John T.
> --
> John H Terpstra
> Email: jht at samba.org

I was very hopeful with this John, but it did not seem to work.  I added
this line to my smb.conf, testparm said everything was fine, I reloaded
samba, stopped and restarted samba, and even tried from a totally
different gnu/linux systems not even associated with the domain (machine
or user), and it still enumerated the file shares on my samba pdc.

Is there any other configuration options to prevent this?




More information about the samba mailing list