[Samba] prevent normal users from getting userlist

[Craig White]

On Mon, 2005-10-03 at 15:51 +0200, Florian Effenberger wrote:
> Hi,
> 
> > how would this be accomplished in a purely Microsoft Windows
> > environment? This doesn't seem to be a samba question.
> 
> although a Windows server might not be able to do it, on the Samba side
> this could be achieved with just returnin no users to the client, I
> guess. But I'm not quite sure...
----
I think that the goal of samba developers is to deliver a product that
integrates with the expectations of current Windows servers and clients
and would emulate their functionality and you are asking to allow you to
configure samba in a way that the developers have already suggested
would break configuration and normal operations. That doesn't seem to be
something that they are likely to spend at just to satisfy your concept
of security. If there was a security model within Windows that they
could emulate, they probably would - which is why I asked how one could
accomplish your task solely within Windows environment.

In essence, the list of users is returned to the local machine which is
trusted because it was joined to the domain and the user will see this
list enumerated at necessary times (i.e. setting privileges for a file
or folder). If you require a higher level of security, then perhaps the
Windows domain model (including Samba) is not suitable.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.