- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - Linux
- >
- System Administration
- >
- Re: RHEL 5 - Samba / Active Directory hide shares
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Latin America
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-05-2009 11:42 AM
10-05-2009 11:42 AM
RHEL 5 - Samba / Active Directory hide shares
1. RHEL 5 using Active Directory.
2. Have multiple external sources (we'll call these companies) that access one samba server. These companies have their own unique shares.
How can I configure this so that each company cannot see the other companies shares ?
I'm not talking about the browsable option; I want users from each company to only see the shares that they are privileged to see.
I have experimented with setting this in smb.conf:
include=/etc/samba/include/smb.conf.per-user.%U
This basically uses a per-user smb.conf file. This does work but the problem is that this can be a management nightmare for a large number of users and shares.
There is supposed to be a similar group related option %G but it doesn;t seem to work.
Are multipled samba servers on one server the answer ?
Anyone have any ideas ?
Thanks,
BW.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-06-2009 04:52 AM
10-06-2009 04:52 AM
Re: RHEL 5 - Samba / Active Directory hide shares
Assumption: each company must not know the names of other companies' shares (otherwise, why hide them?)
Scenario: Company A requests you to generate a share named "projects" and gets it. Now Company B wants a share named "projects" too.
What do you do?
You cannot accept the request, because a share with that name already exists. But if you deny the request, you'll reveal to Company B the fact that the share exists and belongs to some other Company.
You have a namespace problem: if the companies are not supposed to have any knowledge of each other, each company must have an independent namespace of share names, otherwise you will eventually leak information between companies.
Multiple Samba servers on one physical server: the design of SMB/CIFS protocol is going to make this somewhat tricky, but it's certainly possible to do it. You will need separate IP addresses for each server instance.
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-06-2009 05:03 AM
10-06-2009 05:03 AM
Re: RHEL 5 - Samba / Active Directory hide shares
Even if there was only one company why do users need to see shares they are not entitled to see ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-06-2009 06:42 AM
10-06-2009 06:42 AM
Re: RHEL 5 - Samba / Active Directory hide shares
I'd set groups, either in ADS or Samba and use one group per company. Each samba share may be visible, but not browseable, which meets the goal.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-06-2009 08:04 AM
10-06-2009 08:04 AM
Re: RHEL 5 - Samba / Active Directory hide shares
Part of the problem is that there are multiple shares per company (with different permissions) and ideally, Users will want to and should be able to see all of the shares they are entitled to see.
The %U in smb.conf works really great as it runs a user specific smb.conf file; just not very practical for managing many users.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-08-2009 08:53 AM
10-08-2009 08:53 AM
Re: RHEL 5 - Samba / Active Directory hide shares
by companies do you mean multiple domains in Windows AD with trust relationship between.
a few months earlier a client of ours was looking for a similar solution. with help from members of this very forum (S Protter taking lead role) i was able to compile things and put it up here http://blog.palalinha.com/2009/04/integrate-linux-box-with-windows-ad.html
once you join the linux box to the windows AD you can assign file permissions using the native linux commands or through webmin which can also help you with file permissions thru ACLs.(i wud suggest you dont use KDE for the purpose coz i find its buggy). since a trust relationship exists betwn the domains you will be able to assign file permissions without any issues.
i would not say this is the best possible solution. but mite give you a few leads.
please let me know if this makes sense.
thanks
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP