Samba shares

Is anyone a linux IT ninja? Hur is some based info:

ubuntu server (16.04, headless)
security = user (at the moment)

I have read through:|SecuringSamba))

Goal: To have shared folders only be visible to valid users.

To date i have been able to make them visible to all, or none. The folder address works for the user even if it is hidden.

I have tried numerous variations in the smb.conf , ie browsable = no, hide directory, etc, file but I can’t get folders to be visible for only the valid users.

Is security = share a better option to achieve this?

Can you post your smb.conf? Feel free to censor or obfuscate anything you feel is private. Just need to see where you’re at.

1 Like

I found an awesome tutorial on youtube a few weeks ago, didn’t bookmark it, and my system crashed so i had to reinstall; the guy demo’d: the recyclebin, users, hidden shares, and a bunch of smb.conf tricks like include.

I have spent hours trying to find it again but i can’t. Its a monster piss off. I even thought to post it in the Linux tutorial thread.

1. Start with a simple global section

Try replacing everything above:


	workgroup = WORKGROUP
	netbios name = $h
	security = user

	log file = /var/log/samba/%m.log
	log level = 1

2. Don’t do this:

Pick one of those.

3. Validate your config

Run testparm to see if smb.conf checks out

4. Add Samba users

You can add users like this (it will not automatically use your system users).

smbpasswd -a someuser

5. Check back here

That should be enough for a first pass. Let us know what problems you run into or what functionality you’re missing.

1 Like

Does this do what you need? I can still see the directory name on ip’s not in the hosts allow section but I can’t open it and see its contents.

[Directory Name]
comment = whatever you want
path = /folder
writable = yes
valid users = user accounts
hosts allow = ip addresses

Try access based share enum


1 Like

Yes that works!! Adding access based share enum = yes should work for what the op wants.

1 Like

Did you put it in global or per share?

I put it in the share, like this…

[Directory Name]
comment = whatever you want
path = /folder
writable = yes
valid users = user accounts
hosts allow = ip addresses
access based share enum = yes

I just tried moving it from share to global and it works too.

1 Like

Super perplexed, I just redid my smb.conf that way and nothing fixed.

@Boosted is your security user or shared based? Do you want to drop your smb.conf into a PM?

I can when I get home, if you need it, but I don’t have any security defined in smb.conf. All I did was add, what I’ve posted above, to smb.conf in the Share Definitions section.

I can when I get home - there is no urgency, but that would be great. PM preferred.
I don’t have any security defined - Hmm i wonder what the default is. Will read up on it.

Hmmm, commented (#) out the security option and nothing changed. I reboot everytime so i assume the updated smb.conf file is applying.

Default is user

What have you changed in the SMB.conf file?

# security = user

@kungr Also make sure to restart the service or smbcontrol all reload-config

make sure to restart - nope didn’t work, lol.

I love it when things take 10x longer than they should.

Upfront, thanks for all the support @Boosted & @oO.o