- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: RHEL 5 - Samba / Active Directory hide shares
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-05-2009 11:42 AM
тАО10-05-2009 11:42 AM
RHEL 5 - Samba / Active Directory hide shares
1. RHEL 5 using Active Directory.
2. Have multiple external sources (we'll call these companies) that access one samba server. These companies have their own unique shares.
How can I configure this so that each company cannot see the other companies shares ?
I'm not talking about the browsable option; I want users from each company to only see the shares that they are privileged to see.
I have experimented with setting this in smb.conf:
include=/etc/samba/include/smb.conf.per-user.%U
This basically uses a per-user smb.conf file. This does work but the problem is that this can be a management nightmare for a large number of users and shares.
There is supposed to be a similar group related option %G but it doesn;t seem to work.
Are multipled samba servers on one server the answer ?
Anyone have any ideas ?
Thanks,
BW.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 04:52 AM
тАО10-06-2009 04:52 AM
Re: RHEL 5 - Samba / Active Directory hide shares
Assumption: each company must not know the names of other companies' shares (otherwise, why hide them?)
Scenario: Company A requests you to generate a share named "projects" and gets it. Now Company B wants a share named "projects" too.
What do you do?
You cannot accept the request, because a share with that name already exists. But if you deny the request, you'll reveal to Company B the fact that the share exists and belongs to some other Company.
You have a namespace problem: if the companies are not supposed to have any knowledge of each other, each company must have an independent namespace of share names, otherwise you will eventually leak information between companies.
Multiple Samba servers on one physical server: the design of SMB/CIFS protocol is going to make this somewhat tricky, but it's certainly possible to do it. You will need separate IP addresses for each server instance.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 05:03 AM
тАО10-06-2009 05:03 AM
Re: RHEL 5 - Samba / Active Directory hide shares
Even if there was only one company why do users need to see shares they are not entitled to see ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 06:42 AM
тАО10-06-2009 06:42 AM
Re: RHEL 5 - Samba / Active Directory hide shares
I'd set groups, either in ADS or Samba and use one group per company. Each samba share may be visible, but not browseable, which meets the goal.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-06-2009 08:04 AM
тАО10-06-2009 08:04 AM
Re: RHEL 5 - Samba / Active Directory hide shares
Part of the problem is that there are multiple shares per company (with different permissions) and ideally, Users will want to and should be able to see all of the shares they are entitled to see.
The %U in smb.conf works really great as it runs a user specific smb.conf file; just not very practical for managing many users.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-08-2009 08:53 AM
тАО10-08-2009 08:53 AM
Re: RHEL 5 - Samba / Active Directory hide shares
by companies do you mean multiple domains in Windows AD with trust relationship between.
a few months earlier a client of ours was looking for a similar solution. with help from members of this very forum (S Protter taking lead role) i was able to compile things and put it up here http://blog.palalinha.com/2009/04/integrate-linux-box-with-windows-ad.html
once you join the linux box to the windows AD you can assign file permissions using the native linux commands or through webmin which can also help you with file permissions thru ACLs.(i wud suggest you dont use KDE for the purpose coz i find its buggy). since a trust relationship exists betwn the domains you will be able to assign file permissions without any issues.
i would not say this is the best possible solution. but mite give you a few leads.
please let me know if this makes sense.
thanks