Created attachment 6411 [details] my smb.conf i enable this option but this not works/ unauthorized users see the share. [simplexe@ld-it-04 ~]$ uname -a Linux ld-it-04 2.6.38-ARCH #1 SMP PREEMPT Sun Apr 17 14:51:34 UTC 2011 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz GenuineIntel GNU/Linux [simplexe@ld-it-04 ~]$ yaourt -Qi samba Название : samba Версия : 3.5.8-2 same thing happens on openSUSE 11.4 x64 with Samba 3.5.7.
Hi Karolin, i'm wondering why this one has been assigned to you. Samba users are refering to "access based share enum" in smb.conf on IRC - they would like to have that feature. I tried it myself - was not able to get it working. To whom should this one been re-assigned? Cheers, Günter
Looking at the man page, it states: This has parallels to access based enumeration, the main difference being that only share permissions are evaluated, and security descriptors on files contained on the share are not used in computing enumeration access rights. So as long as the share security set with sharesec or via MMC has not been changed, it will default to Everyone having FULL access and so the share is listed. I do not think that using (in)valid users parameter is good enough, you'll have to use sharesec.
(In reply to comment #1) > Hi Karolin, > > i'm wondering why this one has been assigned to you. > > Samba users are refering to "access based share enum" > in smb.conf on IRC - they would like to have that feature. > > I tried it myself - was not able to get it working. > > To whom should this one been re-assigned? > > Cheers, Günter Hi Günter, I think it was originally assigned to me, because the component was not exactly right. I should have re-assigned, sorry. Cheer, Karolin
yes, but why in the world is there no working option to hide shares where the user has no access? if i use "valid users" i expect that only this user are seeing a share instead this the log is flooded with access denied messages where nobody treid to acess anything [2011/11/23 14:38:32.022277, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.027907, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.028033, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.581596, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.582673, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.590884, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.591000, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.597813, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.597934, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.603950, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.604054, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.610922, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.611062, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:32.616332, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:32.616430, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:38.513305, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:38.513408, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:39.490426, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:39.490581, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:39.498209, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:39.498345, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:39.505552, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:39.505683, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:39.511371, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:39.511508, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:39.517436, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:39.517624, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE. [2011/11/23 14:38:39.522996, 1] smbd/service.c:777(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2011/11/23 14:38:39.523125, 1] smbd/process.c:456(receive_smb_talloc) read_smb_length_return_keepalive failed for client 127.0.0.1 read error = NT_STATUS_END_OF_FILE.
Just to be clear - you want the "valid users" and "invalid users" parameters to be taken into account when enumerating shares - yes ? Jeremy.
Hi Jeremy, yes, from time to time there are users/admins on irc #samba who want to hide browsing info at all related to shares which they cannot authenticate to at all. So "valid users" and "invalid users" would be the right one to limit that info. Cheers, Günter
Created attachment 11890 [details] git-am fix for 4.3.next and 4.4.0
Assigning to Karolin for inclusion in 4.3.next and 4.4.0. (note commit message - fix is by Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>)
Pushed to autobuild-v4-[3|4]-test.
(In reply to Karolin Seeger from comment #9) Pushed to both branches. Closing out bug report. Thanks!