Re: [newbie] Samba question - making shares invisible
- Normally NETBIOS name to IP resolution is done by the DNS, but you probably don't have one. NETBIOS name to IP resolutin is (or can be) done by a WINS server (which SAMBA will emulate, if you tell it to), or - optionally - from an LMHOSTS files (not LMHOSTS.SAM - that's a SAMple file). - -- Michael J. Leone Registered Linux user #201348 mailto:[EMAIL PROTECTED]ICQ: 50453890 AIM: MikeLeone PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF PGP public key: http://www.mike-leone.com/~turgon/turgon-public-key.gpg Foreman, roving paving crew, Dept. of Roads, Hades. signature.asc Description: This is a digitally signed message part
RE: [newbie] Samba question - making shares invisible
Non domain windows machine authenticate every time they open a share. Domain controlled machines basically log in once, then have access to the resources allocated on a per user basis. Domain controlled machines can also do some interesting things... E.G. autoconfiguration of printers, network logon scripts, roving profiles, etc. -JMS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frank McKenna Sent: Sunday, December 16, 2001 1:58 AM To: [EMAIL PROTECTED] Subject: Re: [newbie] Samba question - making shares invisible Hi Michael, To make things easier, you can set up your Linux box as a domain controller and therefore will only have to deal with username / passwords on the Linux side. If you want to pursue that, let me know. Could you please let me know how to do this and why it would be beneficial TIA Frank McKenna Difficulties increase the closer we approach our Goals Plato ~ It takes a minute to have a crush on someone,an hour to like someone and a day to love someonebut it takes a lifetime to forget someone. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
On Sun, 16 Dec 2001 06:56:50 -0500 Jose M. Sanchez [EMAIL PROTECTED] studiouisly spake these words to ponder: Non domain windows machine authenticate every time they open a share. Domain controlled machines basically log in once, then have access to the resources allocated on a per user basis. Domain controlled machines can also do some interesting things... E.G. autoconfiguration of printers, network logon scripts, roving profiles, etc. -JMS heavens! all I wanna do is just be able to read and write from the windows box to the linux box and be able to use the Linux printer. honest. how ya'll doing today. I was pretty well fried when i went to bed last night. -- daRcmaTTeR Registered Linux User 182496 Mandrake 8.1 - 3:05am up 6 days, 5:00, 3 users, load average: 0.00, 0.00, 0.00 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
On Sun, 16 Dec 2001 00:11:14 -0500 Jose M. Sanchez [EMAIL PROTECTED] studiouisly spake these words to ponder: Password Encryption? as in is encryption turned on? as far as i know it is. is this a bad thing? -- daRcmaTTeR Registered Linux User 182496 Mandrake 8.1 - 3:05am up 6 days, 5:00, 3 users, load average: 0.00, 0.00, 0.00 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
Hi Jose, Thank you for your reply and sorry for the long post everyone. 1) Are the user accounts valid. smbclient -L Sambabox -U Windowsuser Have done this for all three users and there does not appear to be any error messages is the Windows Login name (that you used on the Windows machine to log in initially) that you have added to Samba via smbpasswd -a Windowsuser. As far as I know, things are set up correctly for this. The password that I entered while doing smbclient -L Sambabox -U Windowsuser should be the same as the Linux/Windows password or am I wrong Normally NETBIOS name to IP resolution is done by the DNS, but you probably don't have one. I had DNS set up before I broke my install and had to reinstall the O/S. I thought that I had everything set up the same way as before but that would make sense. I am stumbling around in the dark with this. How would I find out if DNS is running? I know that it is enabled in smb.comf You must then help windows. There are several ways to do this... A) Create a HOSTS file (in the same location as your LMHOSTS or LMHOSTS.SAM example file) which contains the IP - NETBIOS equivalences. Not sure where I would put this or what I would have to put in it. C) Enable the WINS component in Samba and create a local HOSTS entry, and then point the workstations to the Samba box's IP for WINS resolution... Have done th is except for the local hosts entry. Could you explain the local HOSTS entry please Changing the hashing depth to 8 helps. This is a new term for me. Also remember that Windows uses Encrypted passwords, when you use SMBCLIENT locally you are sending clear text so if it works locally but not remotely (from Windows) it's likely that you do not have encryption set up properly... In my smb.conf, I have encrypted password = Yes. On my Windows 98 box, I have hacked the registry to send passwords in clear text. On my W2K box I did nothing in terms of password encryption and I can still log on. If smb.conf is correct, you may be missing a crypt lib or something else and/or too high of a security setting... Crypt.lib is a new term as well. When you say security settings do you mean security = user or the settings for Linux itself? TIA Frank McKenna Difficulties increase the closer we approach our Goals Plato ~ It takes a minute to have a crush on someone,an hour to like someone and a day to love someonebut it takes a lifetime to forget someone. Bear in mind that this is different, but related to the FQDN for your machines! Re: USER B It sounds like your login is failing, and you are falling thru to a Guest share which has no rights! You MUST NOT get an invalid password message, if you do Samba normally has rejected the password sent by Windows... See my other posts about this... -JMS Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
Heh, then the much simpler share level authentication is all you need. -JMS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Weaver Sent: Sunday, December 16, 2001 8:49 AM To: newbie Subject: Re: [newbie] Samba question - making shares invisible On Sun, 16 Dec 2001 06:56:50 -0500 Jose M. Sanchez [EMAIL PROTECTED] studiouisly spake these words to ponder: heavens! all I wanna do is just be able to read and write from the windows box to the linux box and be able to use the Linux printer. honest. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
I know exactly what you want to do, but can you get by with something just slightly less? The reason I ask is that one way to make things almost do what you want is to use the [homes] Section type configuration and hide the [homes] share itself by making it non-browseable. (assuming you eliminated all the other shares for the moment...) Each user then only sees ONE entry for themselves when they double click on the server. This entry is user dependant, so if you log in as Jim, all you see is a share called Jim... Of course you can actually use the macro functions to make it appear as machine name, user name, etc. or even the name of a passed variable... (Samba logs in as the authenticated user on the Linux box so you can pass user specific variables this way...) Once this is set up, you can always add shares that you do want everyone to see. You can replicate this technique for multiple shares, and even to point certain users to specific directory shares which only appear when they log in. Yeah I know you talked about it before, but by hiding the homes share itself it almost appears to the user that there are user/login specific shares available... Not really of course... BTW: the NMB portion of Samba could be easily patched to give you what you want if the browseable function was changed slightly. This may be something worth suggesting to the Samba group. Browsing is already controlled by a boolean per share, if instead it could be set to use passed variables then you have your cake and icing... A thought. -JMS -Original Message- From: Jose M. Sanchez [mailto:[EMAIL PROTECTED]] Sent: Saturday, December 15, 2001 8:48 PM To: 'Julian Opificius' Subject: RE: [newbie] Samba question - making shares invisible Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
No it's needed. I'm speculating, but given what you posted it sounds like you almost have everything set up properly. If this is the case the useraccount and/or password being passed is not recognized by samba. If a lib were missing you'ld get this behaviour... Also what version of Windows are you trying to connect with? -JMS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Weaver Sent: Sunday, December 16, 2001 8:54 AM To: newbie Subject: Re: [newbie] Samba question - making shares invisible On Sun, 16 Dec 2001 00:11:14 -0500 Jose M. Sanchez [EMAIL PROTECTED] studiouisly spake these words to ponder: Password Encryption? as in is encryption turned on? as far as i know it is. is this a bad thing? -- daRcmaTTeR Registered Linux User 182496 Mandrake 8.1 - 3:05am up 6 days, 5:00, 3 users, load average: 0.00, 0.00, 0.00 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frank McKenna Sent: Sunday, December 16, 2001 10:44 AM To: [EMAIL PROTECTED] Subject: Re: [newbie] Samba question - making shares invisible Hi Jose, Thank you for your reply and sorry for the long post everyone. 1) Are the user accounts valid. smbclient -L Sambabox -U Windowsuser Have done this for all three users and there does not appear to be any error messages is the Windows Login name (that you used on the Windows machine to log in initially) that you have added to Samba via smbpasswd -a Windowsuser. As far as I know, things are set up correctly for this. The password that I entered while doing smbclient -L Sambabox -U Windowsuser should be the same as the Linux/Windows password or am I wrong Yes and it is case specific! You can get around this slightly by changing the password hashing levels... --- Normally NETBIOS name to IP resolution is done by the DNS, but you probably don't have one. I had DNS set up before I broke my install and had to reinstall the O/S. I thought that I had everything set up the same way as before but that would make sense. I am stumbling around in the dark with this. How would I find out if DNS is running? I know that it is enabled in smb.comf You must then help windows. There are several ways to do this... A) Create a HOSTS file (in the same location as your LMHOSTS or LMHOSTS.SAM example file) which contains the IP - NETBIOS equivalences. Not sure where I would put this or what I would have to put in it. --- The example LMHOSTS.SAM shows you what to do... Basically if the name of your Linux box's SAMBA Netbios name (specified in smb.conf) is SAMBABOX and it's ip is 192.168.0.1 then you put a line in to HOSTS like this 192.168.0.1 SAMBABOX Afterwards ping SAMBABOX Should return 192.168.0.1 C) Enable the WINS component in Samba and create a local HOSTS entry, and then point the workstations to the Samba box's IP for WINS resolution... Have done th is except for the local hosts entry. Could you explain the local HOSTS entry please --- See above... Changing the hashing depth to 8 helps. This is a new term for me. --- The password level = 8 username level = 8 Entries in smb.conf control how many characters in the user name and password Samba will hash in attempting to match the login name and passwords. Say you entered MaryS as a user name and in Windows you also entered the same. Windows loves to change the case of entries. As a result Samba may be seeing MARYS as the username, coming from Samba (or marys). In this case Samba would not accept the user! The USERNAME LEVEL = entry tells Samba to try up to 8 characters changing each to different combinations of uppercase and lower case letters until it gets a match. Without it things must be EXACT. Also remember that Windows uses Encrypted passwords, when you use SMBCLIENT locally you are sending clear text so if it works locally but not remotely (from Windows) it's likely that you do not have encryption set up properly... In my smb.conf, I have encrypted password = Yes. On my Windows 98 box, I have hacked the registry to send passwords in clear text. On my W2K box I did nothing in terms of password encryption and I can still log on. DAMN that's the problem You are not consistent! If encrypted passwords is set to ON in samba then it expects encrypted passwords from Windows. No wonder your W2K box can log in. It's sending encrypted passwords while Windows is not. REVERSE the registry hack in Windows. Make it NOT send cleartext and reboot. --- If smb.conf is correct, you may be missing a crypt lib or something else and/or too high of a security setting... Crypt.lib is a new term as well. When you say security settings do you mean security = user or the settings for Linux itself? --- Neither, the security level for the Linux box overall. You set this during installation and you can reset it in the Mandrake Control center... --- -JMS Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
- SEEING THE LIGHT with Samba - -- Snip --- I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. --- Snip --- Just like browseable = no, right? No, I want the share to show up or not show up as a function of it's accessibility by the current login - i.e. login-dependant, rather than definition-dependant. -- Snip --- Ouch. You're effectively badmouthing Linux and Samba in the same breath. The problem is as Mr. Spock put it; you are exhibiting two-dimensional thinking. The Microsoft metaphors have you firmly by the throat! Samba does indeed keep it simple with the added advantage of incredible flexibility. This same flexibility is hiding the rather obvious from you, namely you are looking at shares (as defined by the [sharename] headers) in the wrong light. The solution is plainly documented, but often overlooked as a result... So here is ONE way of doing what you want easily... You probably have smb.conf share headers already defined in the file... Such as [Bill] Path = /home/bill public = no valid users = bill [Mary] Path = /home/mary public = no valid users = mary [Mark] Path = /home/mark public = no valid users = mark What you've done is effectively defined things which YOU WANT advertised by Samba discreetly... -WRONG-! Instead what you want is [home] path = /home/%m public = no writeable = yes valid users = bill mark mary @validgroup BTW: Samba will create the directories for you automatically as the users attach, if they don't exist. BTW: The @validgroup definition is another way to define valid users... That's it! Huh? (I hear the scratching of the head from here...) Yes the %m is a Samba on the fly substitution macro, which gets replaced when the user attempts to attach to the share... So when Mark attaches to the \\SAMBABOX\HOME share he only sees /home/mark Likewise when Mary attaches to it, she only sees /home/mary. Etc. Samba provides MANY easy ways to skin the cat. Microsoft provides one. Don't mistake Microsoft's restrictions for EASE OF USE. Your familiarity with Microsoft's metaphors came at a cost. A newbie would be just as clueless with Microsoft's way of doing things as they would be with Samba. Microsoft doesn't make it inherently easy, rather you are used to their way of thinking. Samba/Linux does not require rope tricks, just the same devotion to reading the manual (or playing with things) that you at one point underwent with MS$'s products. Linux can sing, the 800lb gorilla can only grunt. My $.02 worth. -JMS [EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
Um, thanks for the rant ... 1) I'm not badmouthing Linux, Samba, or anyone, Mr Sanchez. My comparison of KISS vs the rope was a recognition of the power of Linux, while acknowledging that it requires skill. The last letter of KISS stands for Stupid. The point is, as you eloquently pointed out, that MS and Linux people often think differently. As I said in my original post - it's not wrong, just different. I am NOT criticizing Linux or Samba. 2) I'm not exhibiting two-dimensional thinking, and I can assure you that neither Microsoft nor their metaphors have me by the throat or any other part of my mind, body, or soul. 3) I believe %m is a macro which expands to the Netbios name for the client machine, not the current user name. I suspect you meant to propose the use of %U (session user name), or %u (user name of the current service, if any) . 4) No I don't have specific user shares such as [bill] [mary] and [mark] as you've exemplified below. The [homes] section in my smb.conf does that job for me perfectly. I thank you for your consideration of this issue, but I don't think you understand what I was asking for. I don't want the CREATION or MAPPING of a share to be user/group DERIVED. I want it's BROWSEABILITY to be CONDITIONAL on user/group membership. I'm trying to achieve the equivalence of the following:- browseable = the boolean truth of the current user is in the following list of users, or is a member of one or more of the following list of groups Here's a (hopefully) humorous contrived example of what I'd like to be able to put in smb.conf:- [smutty_pics] path = /usr/pics public = no browse list = @engineering @field_sales @it_guys fred george valid users = @engineering @field_sales @it_guys fred george write list = @it_guys fred george printable = no Note that browse list is not legal, but if it was, it would be exactly what I want. Clearly in the above example, it isn't enough just to make the browse inaccessible to the ladies in Accounting, it would be better if the share was not visible at all. I stress that the above is fictitious, but I think it exemplifies what I want. My actual requirement is simply to make various directories VISIBLE to my wife and I, but INVISIBLE to our kids, while NOT having to put it all into user directory trees. Thank you for your help. Julian Opificius. = At 04:54 AM 12/15/01 -0500, you wrote: - SEEING THE LIGHT with Samba - -- Snip --- I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. --- Snip --- Just like browseable = no, right? No, I want the share to show up or not show up as a function of it's accessibility by the current login - i.e. login-dependant, rather than definition-dependant. -- Snip --- Ouch. You're effectively badmouthing Linux and Samba in the same breath. The problem is as Mr. Spock put it; you are exhibiting two-dimensional thinking. The Microsoft metaphors have you firmly by the throat! Samba does indeed keep it simple with the added advantage of incredible flexibility. This same flexibility is hiding the rather obvious from you, namely you are looking at shares (as defined by the [sharename] headers) in the wrong light. The solution is plainly documented, but often overlooked as a result... So here is ONE way of doing what you want easily... You probably have smb.conf share headers already defined in the file... Such as [Bill] Path = /home/bill public = no valid users = bill [Mary] Path = /home/mary public = no valid users = mary [Mark] Path = /home/mark public = no valid users = mark What you've done is effectively defined things which YOU WANT advertised by Samba discreetly... -WRONG-! Instead what you want is [home] path = /home/%m public = no writeable = yes valid users = bill mark mary @validgroup BTW: Samba will create the directories for you automatically as the users attach, if they don't exist. BTW: The @validgroup definition is another way to define valid users... That's it! Huh? (I hear the scratching of the head from here...) Yes the %m is a Samba on the fly substitution macro, which gets replaced when the user attempts to attach to the share... So when Mark attaches to the \\SAMBABOX\HOME share he only sees /home/mark Likewise when Mary attaches to it, she only sees /home/mary. Etc. Samba provides MANY easy ways to skin the cat. Microsoft provides one. Don't mistake Microsoft's restrictions for EASE OF USE. Your
RE: [newbie] Samba question - making shares invisible
Thanks very much for taking the trouble to write, Dave. Yes, I understand what [homes] does, and I am using it for private directory structures. The problems with [homes] are that :- 1) It defines a directory mapping (and browse visibility) on a user basis, not a group basis, and gives the share the name of that particular user, and 2) There can only be one of them, requiring that everything I want to control must go under that private tree, and therefore everything under that user tree is private, whether I like it or not, unless I create a spiderweb of new mounts or links into various parts of that tree. That is difficult to document and manage. The problem is that I don't want a single directory tree with my name on it just visible to me, or any other single person. I want a series of shares VISIBLE to a GROUP of people, but INVISIBLE to people outside that group. If there was a group equivalent of [homes] it would be something. If I could use a psuedo C statement like browseable = ((%u == fred) | (%u == jim) | (%g == @engineering)); that would work, Or, if there was a browse list like there is a write list, then I could do this :- [stuff_for_grownups_only] path = /usr/adult_stuff read list = @parents write list = @parents browse list = @parents Anybody in the group parents can see and access the share, while anyone not in the group can't even see it, let alone access it. I've investigated [homes], %u, %m, read list, and chmod. None of these do what I need. All these tools work on the issue of accessibility. My issue is visibilibty, not accessibility. To reiterate one more time ... I want to make a SERIES of individual shares with their own USER_INDEPENDANT names VISIBLE browseable (or not) as a function of the identity or group membership of whoever is logged on. I don't want to map a SINGLE directory tree available with the name of the particular user. I don't want shares to be visible but not accessible. See ? Many thanks again :-) julian. === At 07:35 AM 12/15/01 -0600, you wrote: I finally hit upon a similar idea this morning. The generic [Homes] share, as defined by Samba, is created on the fly for each particular user when they login, and is only visible to that user. It automatically maps to the user's Linux account and home directory. Thus, when I login on my laptop to my home network, I can see two shares on my Linux Samba server: a Public share for me and my wife, and a Dave share that is my home directory. My wife Carrie will never see the Dave share (unless she logs in as me), and I will never see the Carrie share (unless I log in as her). Since the Dave share is my own home directory, I can create subdirectories, etc. and have them all private for myself. Likewise for Carrie. If I want to make a file or directory public to everyone, I can just copy or move it to the Public share, and then delete it or move it back to my home (Dave) share when I want it to become private again. Here's my [Homes] definition smb.conf from my server: [homes] comment = Home Directories browseable = no writable = yes guest ok = no Notice that I do not need to define a path. Samba knows that the share definition [Homes] is supposed to point to /home/username, where username is the Windows (and Linux) login user name. All I need to do is create a Linux user account that matches each Windows user account (name and password), and then each Windows user will have a home share that is private. Also notice that I do not need to list valid users. Again, this is because Samba automatically knows that the only valid user for a particular home share is the one user to whom the home directory belongs. Dave On Sat, 2001-12-15 at 03:54, Jose M. Sanchez wrote: The solution is plainly documented, but often overlooked as a result... So here is ONE way of doing what you want easily... You probably have smb.conf share headers already defined in the file... Such as [Bill] Path = /home/bill public = no valid users = bill [Mary] Path = /home/mary public = no valid users = mary [Mark] Path = /home/mark public = no valid users = mark What you've done is effectively defined things which YOU WANT advertised by Samba discreetly... -WRONG-! Instead what you want is [home] path = /home/%m public = no writeable = yes valid users = bill mark mary @validgroup BTW: Samba will create the directories for you automatically as the users attach, if they don't exist. BTW: The @validgroup definition is another way to define valid users... That's it! Huh? (I hear the scratching of the head from here...) Yes the %m is a Samba on the fly substitution macro, which gets replaced when the user attempts to attach to the share... So when Mark attaches to the \\SAMBABOX\HOME share he
Re: [newbie] Samba question - making shares invisible
and it doesn't like that one. i've even tried the Linux box's root passwd and _that_ doens't work either. the weird thing that got me going this direction was I opened the config file and commented out ALL of the global settings cause i wanted to see how things would react, then attempted to connect from the windows machine in a terminal. low and behold it asked for a password. But neither my son nor myself knew which one it was asking for. I'm going to take your advice and get rid of the other two users that mirror machine names. they're confusing the hell outa me. O, and BTW... I LOVE british humor. the dryer the better sometimes. Hi, I believe the password it is looking for is one set in the control panelpasswords It want's a change password and that is where you put in the user password for the login. It must be the same, as I understand it as the one you want to access through in samba. Not an expert but fumbling with these issues also. Guys, Samba (when you connect via network neighborhood in windows) is expecting the password for the password associated with the login you used for windows. There are few things that might happen depending on what exactly your situation is: 1. The password for the windows username and the linux username are different, thus it is asking for the password currently set for the linux username. 2. The windows username that you logged into windows with is not a valid linux username (and is not mapped to a linux username via /etc/samba/smbusers), in which case it will either ask for a password, or in the case of windows 2000, will ask for a valid linux username / password combination. 3. The username is not a 'valid user' for the share you are trying to access, and thus it will prompt for either a password (Win 95/98) or a username / password combination (Win NT / 2000). To make things easier, you can set up your linux box as a domain controller and therefore will only have to deal with username / passwords on the linux side. If you want to pursue that, let me know. Michael -- Michael Viron Registered Linux User #81978 Senior Systems Administration Consultant Web Spinners, University of West Florida Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
Password Encryption? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Weaver Sent: Saturday, December 15, 2001 11:21 PM To: newbie Subject: Re: [newbie] Samba question - making shares invisible well, I found the file LMHOSTS.SAM on my windows machine and now the HOSTS.SAM, LMHOSTS.SAM, and HOSTS file all contain the same information just in case. 127.0.0.1 localhost 192.168.0.1 mdw1982 the linux user is the same as the windows user. I just don't know what else to look at. it's as though the windows machine is mocking me. I bet it is! i'm going to hit the rack for now and maybe get a fresh start in the morning. maybe there's something I'm missing and a good night's sleep will help me see it. thanks for all the help. I'll catch up with you all tomorrow. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
have you checked the samba mailing list archives? its very likely that someone else has wanted to do that at some stage.. rgds Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Julian Opificius Sent: Sunday, 16 December 2001 2:16 AM To: [EMAIL PROTECTED] Subject: RE: [newbie] Samba question - making shares invisible Thanks very much for taking the trouble to write, Dave. Yes, I understand what [homes] does, and I am using it for private directory structures. The problems with [homes] are that :- 1) It defines a directory mapping (and browse visibility) on a user basis, not a group basis, and gives the share the name of that particular user, and 2) There can only be one of them, requiring that everything I want to control must go under that private tree, and therefore everything under that user tree is private, whether I like it or not, unless I create a spiderweb of new mounts or links into various parts of that tree. That is difficult to document and manage. The problem is that I don't want a single directory tree with my name on it just visible to me, or any other single person. I want a series of shares VISIBLE to a GROUP of people, but INVISIBLE to people outside that group. If there was a group equivalent of [homes] it would be something. If I could use a psuedo C statement like browseable = ((%u == fred) | (%u == jim) | (%g == @engineering)); that would work, Or, if there was a browse list like there is a write list, then I could do this :- [stuff_for_grownups_only] path = /usr/adult_stuff read list = @parents write list = @parents browse list = @parents Anybody in the group parents can see and access the share, while anyone not in the group can't even see it, let alone access it. I've investigated [homes], %u, %m, read list, and chmod. None of these do what I need. All these tools work on the issue of accessibility. My issue is visibilibty, not accessibility. To reiterate one more time ... I want to make a SERIES of individual shares with their own USER_INDEPENDANT names VISIBLE browseable (or not) as a function of the identity or group membership of whoever is logged on. I don't want to map a SINGLE directory tree available with the name of the particular user. I don't want shares to be visible but not accessible. See ? Many thanks again :-) julian. === At 07:35 AM 12/15/01 -0600, you wrote: I finally hit upon a similar idea this morning. The generic [Homes] share, as defined by Samba, is created on the fly for each particular user when they login, and is only visible to that user. It automatically maps to the user's Linux account and home directory. Thus, when I login on my laptop to my home network, I can see two shares on my Linux Samba server: a Public share for me and my wife, and a Dave share that is my home directory. My wife Carrie will never see the Dave share (unless she logs in as me), and I will never see the Carrie share (unless I log in as her). Since the Dave share is my own home directory, I can create subdirectories, etc. and have them all private for myself. Likewise for Carrie. If I want to make a file or directory public to everyone, I can just copy or move it to the Public share, and then delete it or move it back to my home (Dave) share when I want it to become private again. Here's my [Homes] definition smb.conf from my server: [homes] comment = Home Directories browseable = no writable = yes guest ok = no Notice that I do not need to define a path. Samba knows that the share definition [Homes] is supposed to point to /home/username, where username is the Windows (and Linux) login user name. All I need to do is create a Linux user account that matches each Windows user account (name and password), and then each Windows user will have a home share that is private. Also notice that I do not need to list valid users. Again, this is because Samba automatically knows that the only valid user for a particular home share is the one user to whom the home directory belongs. Dave On Sat, 2001-12-15 at 03:54, Jose M. Sanchez wrote: The solution is plainly documented, but often overlooked as a result... So here is ONE way of doing what you want easily... You probably have smb.conf share headers already defined in the file... Such as [Bill] Path = /home/bill public = no valid users = bill [Mary] Path = /home/mary public = no valid users = mary [Mark] Path = /home/mark public = no valid users = mark What you've done is effectively defined things which YOU WANT advertised by Samba discreetly... -WRONG-! Instead what you want is [home] path = /home/%m public = no writeable = yes valid users = bill mark mary @validgroup BTW: Samba will create the directories for you automatically as the users attach
RE: [newbie] Samba question - making shares invisible
are you using samba from 8.1??? if so, go to the cooker and get the 2.2.2 rpms,, they are excellent and appear to be very stable, have loaded them on mine when they came out and not restarted since and all is fine.. the default setup, (just starting smb) will make your home directories available to whatever login you have.. will also share any cups printers on the box. then make your samba users, and make them the same as the username and passwords on your windows box's so if you have a windows box that you log into as username: markw and password markwpassword then use the: smbpasswd -a markw to create the user and enter its password.. when your windows box tries to connect to the samba shares, it will by default send the username and password that the windows box was logged in as. I had lots of problems until I got it worked out (by luck the first time), since then none of my installs has had any problems. so here is what I would do in your situation, (assuming I understand your situation.) 1. install 2.2.2 samba all packages, (you don't need all, but what the hell, they are small.) 2. smbpasswd -a for all users. 3. Doesn't hurt for all samba users to have the same username and password on the linux box. but you don't have to, you can map a smb user to a different linux user. but for the purposes of this, lets go with KISS and match the usernames and passwords. give that a shot and let me know how you go.. rgds Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mark Weaver Sent: Sunday, 16 December 2001 10:10 AM To: newbie Subject: Re: [newbie] Samba question - making shares invisible On Sat, 15 Dec 2001 19:44:45 -0600 Julian Opificius [EMAIL PROTECTED] studiouisly spake these words to ponder: I'm a little worried, as I said before, about the users mdw1982 and the alexhome in the valid users list in the above definition. It would be better if, until you got all this working, you didn't have account names the same as machine names. I don't know if it's a problem, but it might be better to simplify things till you're sure it's OK to do that. Try taking out mdw1982 and alexhome account names. Also, I'd take out the write list = . The fact that the key word is there but has no arguments will probably make the share essentially read-only. ok...I've redone the entire configuration. I'm beginning to think that there's something really simple that I'm overlooking cause when I attempt to map a drive in Network Neighborhood I get as far as making the connection where it asks for the password, but I'm not sure which password it's asking for cause I give it the password of the user thats trying to connect, user = markw passwd = casey81 and it doesn't like that one. i've even tried the Linux box's root passwd and _that_ doens't work either. the weird thing that got me going this direction was I opened the config file and commented out ALL of the global settings cause i wanted to see how things would react, then attempted to connect from the windows machine in a terminal. low and behold it asked for a password. But neither my son nor myself knew which one it was asking for. I'm going to take your advice and get rid of the other two users that mirror machine names. they're confusing the hell outa me. O, and BTW... I LOVE british humor. the dryer the better sometimes. -- daRcmaTTeR Registered Linux User 182496 Mandrake 8.1 - 8:05pm up 5 days, 22:00, 3 users, load average: 0.31, 0.39, 0.37 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
On Saturday 15 December 2001 21:10, you wrote: On Sat, 15 Dec 2001 19:44:45 -0600 Julian Opificius [EMAIL PROTECTED] studiouisly spake these words to ponder: I'm a little worried, as I said before, about the users mdw1982 and the alexhome in the valid users list in the above definition. It would be better if, until you got all this working, you didn't have account names the same as machine names. I don't know if it's a problem, but it might be better to simplify things till you're sure it's OK to do that. Try taking out mdw1982 and alexhome account names. Also, I'd take out the write list = . The fact that the key word is there but has no arguments will probably make the share essentially read-only. ok...I've redone the entire configuration. I'm beginning to think that there's something really simple that I'm overlooking cause when I attempt to map a drive in Network Neighborhood I get as far as making the connection where it asks for the password, but I'm not sure which password it's asking for cause I give it the password of the user thats trying to connect, user = markw passwd = casey81 and it doesn't like that one. i've even tried the Linux box's root passwd and _that_ doens't work either. the weird thing that got me going this direction was I opened the config file and commented out ALL of the global settings cause i wanted to see how things would react, then attempted to connect from the windows machine in a terminal. low and behold it asked for a password. But neither my son nor myself knew which one it was asking for. I'm going to take your advice and get rid of the other two users that mirror machine names. they're confusing the hell outa me. O, and BTW... I LOVE british humor. the dryer the better sometimes. Mark it just came to me that you are trying to look at a share from a windows machine on the linux server machine? If that is the case then the windows machine wants a file or folder marked shared and it will show a hand palm up under the icon in my computer . If you shared a file or drive or whatever in windows, then when you set it up to be shared , you had to right click to go to properties and then click on shared. In the box that pops up it asks for a user name and a password, if you put a password in that is the one it wants in linneighborhood, if you put no password in then that is what it wants. In other words in the linux linneighborhood when it asks for the user and password give it the user name for the windows share and do not enter a password, just click on OK, unless you did give it a password when setting up the shared file and in that case that is the password to use, You can go back in to the windows share process and change the password if need be . I hope this is understandable as I have typed it. If not come back to the list and I will try again. HTH -- Dennis M. registered linux user # 180842 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: [newbie] Samba question - making shares invisible
There are two components to this... 1) Are the user accounts valid. Before trying anything from Windows, you should always... smbclient -L Sambabox -U Windowsuser Where SAMBABOX is the netbios name of the SAMBA server, and Windowuser is the Windows Login name (that you used on the Windows machine to log in initially) that you have added to Samba via smbpasswd -a Windowsuser. If Samba prompts for a password and shows you a list of shares, it's likely that your problem is not with Samba itself. Which brings us to part two... 2) Samba broadcasts the available shares via it's NMB component. Samba basically tells the machines that Server \\Sambabox has \\Sambabox\share1, etc. shares available. It's up to the Windows machine to make it back to the share itself, or rather to find a way to the Samba server. The Windows Machine needs a way to resolve the Sambabox entry to an IP address. Since Samba is NOT NT it cant use the same mechanism to do this that NT utilizes... Normally NETBIOS name to IP resolution is done by the DNS, but you probably don't have one. You must then help windows. There are several ways to do this... A) Create a HOSTS file (in the same location as your LMHOSTS or LMHOSTS.SAM example file) which contains the IP - NETBIOS equivalences. B) Use a local DNS to do the work C) Enable the WINS component in Samba and create a local HOSTS entry, and then point the workstations to the Samba box's IP for WINS resolution... All three work although A is easiest for small LANs... You should be able to ping the SAMBA box by NETBIOS NAME I.E. ping Sambabox from a command line in Windows should work. Bear in mind that this is different, but related to the FQDN for your machines! Re: USER B It sounds like your login is failing, and you are falling thru to a Guest share which has no rights! You MUST NOT get an invalid password message, if you do Samba normally has rejected the password sent by Windows... See my other posts about this... Changing the hashing depth to 8 helps. Also remember that Windows uses Encrypted passwords, when you use SMBCLIENT locally you are sending clear text so if it works locally but not remotely (from Windows) it's likely that you do not have encryption set up properly... If smb.conf is correct, you may be missing a crypt lib or something else and/or too high of a security setting... -JMS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frank McKenna Sent: Saturday, December 15, 2001 10:54 PM To: [EMAIL PROTECTED] Subject: Re: [newbie] Samba question - making shares invisible I have a similar problem where I can see all three users of my Mandrake 8.0 box in network Neighbourhood. When I try to log on as user A or C, I get an error message saying that the password is invalid. I can then access user B. When I log on as user B, I can not log on or access any shares. This is driving me nuts as well. Any suggestions? TIA Frank McKenna Difficulties increase the closer we approach our Goals Plato ~ It takes a minute to have a crush on someone,an hour to like someone and a day to love someonebut it takes a lifetime to forget someone. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
Hi Michael, To make things easier, you can set up your Linux box as a domain controller and therefore will only have to deal with username / passwords on the Linux side. If you want to pursue that, let me know. Could you please let me know how to do this and why it would be beneficial TIA Frank McKenna Difficulties increase the closer we approach our Goals Plato ~ It takes a minute to have a crush on someone,an hour to like someone and a day to love someonebut it takes a lifetime to forget someone. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[newbie] Samba question - making shares invisible
With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). Thanks in advance. Julian Opificius. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). If I remember correctly, under a share definition just add: browseable = no This will make it invisible, but you can still map a network drive to it. However, this makes it invisible to everyone, not just selected users. I would seggest 'man smb.conf' for further information. Dave -- -- Male cadavers are incapable of yielding testimony. -- Individuals who make their abode in vitreous edifices would be well advised to refrain from catapulting projectiles. -- Neophyte's serendipity. -- Exclusive dedication to necessitious chores without interludes of hedonistic diversion renders John a hebetudinous fellow. -- A revolving concretion of earthy or mineral matter accumulates no congeries of small, green bryophytic plant. -- Abstention from any aleatory undertaking precludes a potential escallation of a lucrative nature. -- Missiles of ligneous or osteal consistency have the potential of fracturing osseous structure, but appellations will eternally remain innocuous. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
Hello: Have you tried the veto files command? I have not used it, but the book I have has a description for it, which you might find helpful: veto files: Contains a list of file and directory names that are marked by Samba as not visible and cannot be accessed by users. Entires in the list are separated by the / character, and the ? and * wildcard characters can be used. For example, to veto access to Windows executables files on a file share use veto files = /*.exe/*.com/*.bat/. If the case-sensitive parameter is false, Samba will veto files regard to case. Hopefully, this command can help you solve your problem. Good luck... Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: I've pored over man on the Samba web-site, and yes, you remember correctly ;-) It's true that though browseable = no hides a share from everyone, you can still map to it, but then how does one know it's there? That's cryptic and unreasonably clumsy for non-expert users (which includes me), who have other things to remember, like where we've put the car keys. Seems like it's all or nothing, which is not really very clever at all. What we need is a hide unavailable shares = true/false switch for smb.conf or something like that. Thanks for the response, Dave. Any Samba programmers out there listening, or other wizards? Julian. At 07:56 AM 12/14/01 -0600, Dave Sherman replied: On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). If I remember correctly, under a share definition just add: browseable = no This will make it invisible, but you can still map a network drive to it. However, this makes it invisible to everyone, not just selected users. I would seggest 'man smb.conf' for further information. Dave = Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
Thanks for the response Dexter. No, what I'm looking for is to have shares simply not show up in the network directory listing if the current user is not authorized to access them. I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. Thanks again. Julian. = At 09:11 AM 12/14/01 -0700, you wrote: Hello: Have you tried the veto files command? I have not used it, but the book I have has a description for it, which you might find helpful: veto files: Contains a list of file and directory names that are marked by Samba as not visible and cannot be accessed by users. Entires in the list are separated by the / character, and the ? and * wildcard characters can be used. For example, to veto access to Windows executables files on a file share use veto files = /*.exe/*.com/*.bat/. If the case-sensitive parameter is false, Samba will veto files regard to case. Hopefully, this command can help you solve your problem. Good luck... Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: I've pored over man on the Samba web-site, and yes, you remember correctly ;-) It's true that though browseable = no hides a share from everyone, you can still map to it, but then how does one know it's there? That's cryptic and unreasonably clumsy for non-expert users (which includes me), who have other things to remember, like where we've put the car keys. Seems like it's all or nothing, which is not really very clever at all. What we need is a hide unavailable shares = true/false switch for smb.conf or something like that. Thanks for the response, Dave. Any Samba programmers out there listening, or other wizards? Julian. At 07:56 AM 12/14/01 -0600, Dave Sherman replied: On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). If I remember correctly, under a share definition just add: browseable = no This will make it invisible, but you can still map a network drive to it. However, this makes it invisible to everyone, not just selected users. I would seggest 'man smb.conf' for further information. Dave = Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: Re: [newbie] Samba question - making shares invisible
This probabally isn't what you want, but if you end a SMB share name with a '$' it will not show up in browse lists but will still be accessable (assuming you have rights to the share and the underlying files of course.) -Original Message- From: Julian Opificius [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 14 Dec 2001 10:44:01 -0600 Subject: Re: [newbie] Samba question - making shares invisible Thanks for the response Dexter. No, what I'm looking for is to have shares simply not show up in the network directory listing if the current user is not authorized to access them. I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. Thanks again. Julian. = At 09:11 AM 12/14/01 -0700, you wrote: Hello: Have you tried the veto files command? I have not used it, but the book I have has a description for it, which you might find helpful: veto files: Contains a list of file and directory names that are marked by Samba as not visible and cannot be accessed by users. Entires in the list are separated by the / character, and the ? and * wildcard characters can be used. For example, to veto access to Windows executables files on a file share use veto files = /*.exe/*.com/*.bat/. If the case-sensitive parameter is false, Samba will veto files regard to case. Hopefully, this command can help you solve your problem. Good luck... Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: I've pored over man on the Samba web-site, and yes, you remember correctly ;-) It's true that though browseable = no hides a share from everyone, you can still map to it, but then how does one know it's there? That's cryptic and unreasonably clumsy for non-expert users (which includes me), who have other things to remember, like where we've put the car keys. Seems like it's all or nothing, which is not really very clever at all. What we need is a hide unavailable shares = true/false switch for smb.conf or something like that. Thanks for the response, Dave. Any Samba programmers out there listening, or other wizards? Julian. At 07:56 AM 12/14/01 -0600, Dave Sherman replied: On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). If I remember correctly, under a share definition just add: browseable = no This will make it invisible, but you can still map a network drive to it. However, this makes it invisible to everyone, not just selected users. I would seggest 'man smb.conf' for further information. Dave = Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: Re: [newbie] Samba question - making shares invisible
Just like browseable = no, right? No, I want the share to show up or not show up as a function of it's accessibility by the current login - i.e. login-dependant, rather than definition-dependant. Thanks all the same. Julian. === At 11:55 AM 12/14/01 -0600, you wrote: This probabally isn't what you want, but if you end a SMB share name with a '$' it will not show up in browse lists but will still be accessable (assuming you have rights to the share and the underlying files of course.) -Original Message- From: Julian Opificius [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 14 Dec 2001 10:44:01 -0600 Subject: Re: [newbie] Samba question - making shares invisible Thanks for the response Dexter. No, what I'm looking for is to have shares simply not show up in the network directory listing if the current user is not authorized to access them. I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. Thanks again. Julian. = At 09:11 AM 12/14/01 -0700, you wrote: Hello: Have you tried the veto files command? I have not used it, but the book I have has a description for it, which you might find helpful: veto files: Contains a list of file and directory names that are marked by Samba as not visible and cannot be accessed by users. Entires in the list are separated by the / character, and the ? and * wildcard characters can be used. For example, to veto access to Windows executables files on a file share use veto files = /*.exe/*.com/*.bat/. If the case-sensitive parameter is false, Samba will veto files regard to case. Hopefully, this command can help you solve your problem. Good luck... Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: I've pored over man on the Samba web-site, and yes, you remember correctly ;-) It's true that though browseable = no hides a share from everyone, you can still map to it, but then how does one know it's there? That's cryptic and unreasonably clumsy for non-expert users (which includes me), who have other things to remember, like where we've put the car keys. Seems like it's all or nothing, which is not really very clever at all. What we need is a hide unavailable shares = true/false switch for smb.conf or something like that. Thanks for the response, Dave. Any Samba programmers out there listening, or other wizards? Julian. At 07:56 AM 12/14/01 -0600, Dave Sherman replied: On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). If I remember correctly, under a share definition just add: browseable = no This will make it invisible, but you can still map a network drive to it. However, this makes it invisible to everyone, not just selected users. I would seggest 'man smb.conf' for further information. Dave = Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
RE: Re: [newbie] Samba question - making shares invisible
well, you could do the whole NT domain thing, and use a standard.bat for each user (supplied to the user at authentication from the server) that maps that persons network drives, then you can just set all the shares to browsable=no I have been wanting to do that for a while, just never got around to it. rgds Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Julian Opificius Sent: Saturday, 15 December 2001 8:57 AM To: [EMAIL PROTECTED] Subject: Re: Re: [newbie] Samba question - making shares invisible Just like browseable = no, right? No, I want the share to show up or not show up as a function of it's accessibility by the current login - i.e. login-dependant, rather than definition-dependant. Thanks all the same. Julian. === At 11:55 AM 12/14/01 -0600, you wrote: This probabally isn't what you want, but if you end a SMB share name with a '$' it will not show up in browse lists but will still be accessable (assuming you have rights to the share and the underlying files of course.) -Original Message- From: Julian Opificius [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 14 Dec 2001 10:44:01 -0600 Subject: Re: [newbie] Samba question - making shares invisible Thanks for the response Dexter. No, what I'm looking for is to have shares simply not show up in the network directory listing if the current user is not authorized to access them. I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. Thanks again. Julian. = At 09:11 AM 12/14/01 -0700, you wrote: Hello: Have you tried the veto files command? I have not used it, but the book I have has a description for it, which you might find helpful: veto files: Contains a list of file and directory names that are marked by Samba as not visible and cannot be accessed by users. Entires in the list are separated by the / character, and the ? and * wildcard characters can be used. For example, to veto access to Windows executables files on a file share use veto files = /*.exe/*.com/*.bat/. If the case-sensitive parameter is false, Samba will veto files regard to case. Hopefully, this command can help you solve your problem. Good luck... Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: I've pored over man on the Samba web-site, and yes, you remember correctly ;-) It's true that though browseable = no hides a share from everyone, you can still map to it, but then how does one know it's there? That's cryptic and unreasonably clumsy for non-expert users (which includes me), who have other things to remember, like where we've put the car keys. Seems like it's all or nothing, which is not really very clever at all. What we need is a hide unavailable shares = true/false switch for smb.conf or something like that. Thanks for the response, Dave. Any Samba programmers out there listening, or other wizards? Julian. At 07:56 AM 12/14/01 -0600, Dave Sherman replied: On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod and the smbpasswd file I can control access to various shares, but how do I prevent shares from even appearing for logins who are not permitted to access them? I'd rather those shares not even appear, so as to provide a simplified interface to some users (i.e. my kids). If I remember correctly, under a share definition just add: browseable = no This will make it invisible, but you can still map a network drive to it. However, this makes it invisible to everyone, not just selected users. I would seggest 'man smb.conf' for further information. Dave = Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [newbie] Samba question - making shares invisible
On Fri, 14 Dec 2001 20:55:41 -0600 Julian Opificius [EMAIL PROTECTED] studiouisly spake these words to ponder: Hi there, i've got a question about something. I've been following this thread and gleening some info from it. I've got the samba server running on my Linux machine and i'm trying to get my windows box to see the Mandrake box, but i'm not having any luck. here's what gets returned from this command: command -- smbclient -L ALEXHOME -U mdw1982 [root@mdw1982 root]# smbclient -L ALEXHOME -U mdw1982 added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 session request to ALEXHOME failed (Called name not present) session request to *SMBSERVER failed (Called name not present) - and here's what i'm finding in /var/log/samba/log.nmbd -- [2001/12/14 22:48:04, 0] nmbd/nmbd_mynames.c:my_name_register_failed(41) my_name_register_failed: Failed to register my name ALEXHOME00 on subnet 192.168.0.1. [2001/12/14 22:48:04, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(292) standard_fail_register: Failed to register/refresh name ALEXHOME00 on subnet 192.168.0.1 --- what in the world is it trying to tell me? I'm stumped. -- daRcmaTTeR Registered Linux User 182496 Mandrake 8.1 - 10:05pm up 5 days, 0 min, 2 users, load average: 0.12, 0.39, 0.37 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: Re: [newbie] Samba question - making shares invisible
Hi again Dexter, thanks for giving this so much thought :-) I'm afraid your suggestion does not give me what I want. I don't want to limit access to files in the share, I want the whole share to not appear at all for those logins who don't have access to it. Here's an example, which should make it more obvious. Suppose I have a share called [letters_from_girlfriends] (I don't, but for the example, say I do). It isn't enough just to have my wife not to have access to it, I'd rather she didn't even see the share name at all. Got it? I could do this:- valid users = @parents browseable = @parents it would work. The browseable flag would be a function of the current login. Unfortunately, browseable is a boolean, and doesn't take a user or group name as an argument, and therefore is either always true or always false, irrespective of who is logged in. julian. At 08:02 PM 12/14/01 -0700, you wrote: Hello me again: How about this If I understand you correctly, you are going to have multiple people use samba to access your linux box and you want to limit the availability of the files in the share depending on who is logging in. Well, what if you set up multiple accounts in your linbox and limit access accordingly. For example, let's say you have usera and userb. Set up two additional accounts in your linbox with the respective usernames and passwords. Could you not then set up usera to browseable yes and userb to browseable no (or use veto files for that matter)? You could set the same path for both users, but limit them with the browseable option. If I am not mistaken, it would also require to set up multiple accounts in your winbox, if you only have one winbox networked to your linbox. Did I make sense? Hope it helps... Regards, Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: Just like browseable = no, right? No, I want the share to show up or not show up as a function of it's accessibility by the current login - i.e. login-dependant, rather than definition-dependant. Thanks all the same. Julian. === At 11:55 AM 12/14/01 -0600, you wrote: This probabally isn't what you want, but if you end a SMB share name with a '$' it will not show up in browse lists but will still be accessable (assuming you have rights to the share and the underlying files of course.) -Original Message- From: Julian Opificius [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 14 Dec 2001 10:44:01 -0600 Subject: Re: [newbie] Samba question - making shares invisible Thanks for the response Dexter. No, what I'm looking for is to have shares simply not show up in the network directory listing if the current user is not authorized to access them. I thought of it as a duh, an obvious feature, and that I was overlooking the obvious, but apparently not. The more I think about it, it demonstrates the philosophical difference between Microsoft (the KISS principle) and Unix (the long rope - you either do rope tricks or hang yourself). The idea of iding unavailable shares for the sake of simplicity probably wouldn't occur to a Unix/Linux programmer. Not that it's wrong, just different. Thanks again. Julian. = At 09:11 AM 12/14/01 -0700, you wrote: Hello: Have you tried the veto files command? I have not used it, but the book I have has a description for it, which you might find helpful: veto files: Contains a list of file and directory names that are marked by Samba as not visible and cannot be accessed by users. Entires in the list are separated by the / character, and the ? and * wildcard characters can be used. For example, to veto access to Windows executables files on a file share use veto files = /*.exe/*.com/*.bat/. If the case-sensitive parameter is false, Samba will veto files regard to case. Hopefully, this command can help you solve your problem. Good luck... Dexter On Fri, 14 Dec 2001, Julian Opificius wrote: I've pored over man on the Samba web-site, and yes, you remember correctly ;-) It's true that though browseable = no hides a share from everyone, you can still map to it, but then how does one know it's there? That's cryptic and unreasonably clumsy for non-expert users (which includes me), who have other things to remember, like where we've put the car keys. Seems like it's all or nothing, which is not really very clever at all. What we need is a hide unavailable shares = true/false switch for smb.conf or something like that. Thanks for the response, Dave. Any Samba programmers out there listening, or other wizards? Julian. At 07:56 AM 12/14/01 -0600, Dave Sherman replied: On Thu, 2001-12-13 at 22:14, Julian Opificius wrote: With dexterous use of chmod
Re: [newbie] Samba question - making shares invisible
Mark, The first thing is that you say that you're trying to get the Windows box to see the Linux box. The next thing is you talk about running smbclient, which is used for accessing the Windows box from the Linux box, so I'm a little confused. The smbclient log message? I'm guessing it's telling you that the computer called ALEXHOME is not presenting Samba shares, though it probably exists. If you attempt to access a computer that doesn't exist, smbclient says connection to bad computer name failed, so I'm guessing that ALEXHOME exists, but isn't talking Samba. Is ALEXHOME the Linux box or the Windows box, and which way are you trying to connect? Julian. At 11:05 PM 12/14/01 -0500, you wrote: On Fri, 14 Dec 2001 20:55:41 -0600 Julian Opificius [EMAIL PROTECTED] studiouisly spake these words to ponder: Hi there, i've got a question about something. I've been following this thread and gleening some info from it. I've got the samba server running on my Linux machine and i'm trying to get my windows box to see the Mandrake box, but i'm not having any luck. here's what gets returned from this command: command -- smbclient -L ALEXHOME -U mdw1982 [root@mdw1982 root]# smbclient -L ALEXHOME -U mdw1982 added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 session request to ALEXHOME failed (Called name not present) session request to *SMBSERVER failed (Called name not present) - and here's what i'm finding in /var/log/samba/log.nmbd -- [2001/12/14 22:48:04, 0] nmbd/nmbd_mynames.c:my_name_register_failed(41) my_name_register_failed: Failed to register my name ALEXHOME00 on subnet 192.168.0.1. [2001/12/14 22:48:04, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(292) standard_fail_register: Failed to register/refresh name ALEXHOME00 on subnet 192.168.0.1 --- what in the world is it trying to tell me? I'm stumped. -- daRcmaTTeR Registered Linux User 182496 Mandrake 8.1 - 10:05pm up 5 days, 0 min, 2 users, load average: 0.12, 0.39, 0.37 Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com == Julian A. Opificius. 802 Fawn Road, Elk River, MN 55330. Home: 763.441.1291, Cell: 763.360.5919 [EMAIL PROTECTED] ICQ: 3268206 == Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com