[Samba] [SPAM] Re: share enumeration, samba-dcerpcd, variable %i

Zhuchenko Valery zvn at belkam.com
Mon Jul 29 13:12:46 UTC 2024 

from ip1=192.168.222.96 and ip2=192.168.22.96 user zvn2 receive test in 
list, hosts allow = 192.168.222.96 in config for share test and global 
access based share enum = Yes, but I need share test in list only from 
ip1=192.168.222.96


when ip1=192.168.222.96
$ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W .

     Sharename       Type      Comment
     ---------       ----      -------
     test            Disk      test
     IPC$            IPC       IPC Service (test server)

and when ip2=192.168.22.96 same result
$ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W .

     Sharename       Type      Comment
     ---------       ----      -------
     test            Disk      test
     IPC$            IPC       IPC Service (test server)


# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_STANDALONE

# Global parameters
[global]
     bind interfaces only = Yes
     dns proxy = No
     domain master = No
     interfaces = 192.168.22.135/24 192.168.222.135/24 lo
     log file = /var/log/samba/%m-%i-%R.log
     logging = syslog file
     logon home =
     logon path =
     max log size = 50
     passdb backend = smbpasswd
     restrict anonymous = 2
     server signing = required
     server string = test server
     smb passwd file = /etc/samba/smbpasswd
     workgroup = TEST
     idmap config * : backend = tdb
     access based share enum = Yes
     cups options = raw
     include = /etc/samba/shares.conf


[test]
     comment = test
     hosts allow = 192.168.222.96
     path = /home/samba/test
     read only = No
     valid users = zvn2


# getfacl /home/samba/test
getfacl: Removing leading '/' from absolute path names
# file: home/samba/test
# owner: root
# group: root
user::rwx
user:zvn2:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:zvn2:rwx
default:group::r-x
default:mask::rwx
default:other::r-x



29.07.2024 16:38, Christian Naumer via samba пишет:
> Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba:
>> user may be same, but from client ip1 this user can't see shares, 
>> which can see from client ip2.
>> need share enumeration by client ip
>
> Have you checked if "hosts allow" in combination with "access based 
> share enum" does what you want?
>
>
>

More information about the samba mailing list