[Samba] [SPAM] Re: share enumeration, samba-dcerpcd, variable %i
Zhuchenko Valery
zvn at belkam.com
Mon Jul 29 13:12:46 UTC 2024
from ip1=192.168.222.96 and ip2=192.168.22.96 user zvn2 receive test in
list, hosts allow = 192.168.222.96 in config for share test and global
access based share enum = Yes, but I need share test in list only from
ip1=192.168.222.96
when ip1=192.168.222.96
$ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W .
Sharename Type Comment
--------- ---- -------
test Disk test
IPC$ IPC IPC Service (test server)
and when ip2=192.168.22.96 same result
$ smbclient -L 192.168.22.135 --use-kerberos=off -U zvn2%pppppppp -W .
Sharename Type Comment
--------- ---- -------
test Disk test
IPC$ IPC IPC Service (test server)
# testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE
# Global parameters
[global]
bind interfaces only = Yes
dns proxy = No
domain master = No
interfaces = 192.168.22.135/24 192.168.222.135/24 lo
log file = /var/log/samba/%m-%i-%R.log
logging = syslog file
logon home =
logon path =
max log size = 50
passdb backend = smbpasswd
restrict anonymous = 2
server signing = required
server string = test server
smb passwd file = /etc/samba/smbpasswd
workgroup = TEST
idmap config * : backend = tdb
access based share enum = Yes
cups options = raw
include = /etc/samba/shares.conf
[test]
comment = test
hosts allow = 192.168.222.96
path = /home/samba/test
read only = No
valid users = zvn2
# getfacl /home/samba/test
getfacl: Removing leading '/' from absolute path names
# file: home/samba/test
# owner: root
# group: root
user::rwx
user:zvn2:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:zvn2:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
29.07.2024 16:38, Christian Naumer via samba пишет:
> Am 29.07.24 um 14:35 schrieb Zhuchenko Valery via samba:
>> user may be same, but from client ip1 this user can't see shares,
>> which can see from client ip2.
>> need share enumeration by client ip
>
> Have you checked if "hosts allow" in combination with "access based
> share enum" does what you want?
>
>
>
More information about the samba
mailing list