- Joined
- Mar 6, 2014
- Messages
- 9,553
This guide has been moved to the Resources section and can be found at this link:
https://forums.freenas.org/index.php?resources/smb-tips-and-tricks.15/
This thread now serves as the discussion thread for this guide. The original version can also be found below:
I've decided to consolidate various tips, tricks, and random config info into a thread. Hopefully someone will find it useful.
https://forums.freenas.org/index.php?resources/smb-tips-and-tricks.15/
This thread now serves as the discussion thread for this guide. The original version can also be found below:
I've decided to consolidate various tips, tricks, and random config info into a thread. Hopefully someone will find it useful.
Access based share enumeration in CIFS
If you configure your share as I highlight below, then the share will only be visible to users who have read or write access to the share during share enumeration (for example net view \\freenas). This how-to is for AD member servers, but the steps can be modified to accommodate standalone samba servers.
Step 1:
In windows, right-click "Computer Management" and click "Run as Administrator". Enter admin credentials, then right-click on your computer in the left pane and click "Connect to another computer". Enter the address of your FreeNAS server.
Step 2:
In Computer Management, expand "System" -> "Shared Folders" -> "Shares" and right click on the share for which you want to configure Access Based Share Enumeration, and click on Properties.
Step 3:
In the Properties window, click on "Share Permissions". Add the groups that need access to the share and remove the "Everyone" entry. Click "Apply" then "OK". Close computer management.
Step 4:
Open the FreeNAS web GUI and add the following auxiliary parameter to your CIFS share: "access based share enum=yes"
Done.
Steps (1) - (3) can be achieved locally on a FreeNAS server through the "sharesec" command-line utility. Its manpage can be found here: https://www.samba.org/samba/docs/man/manpages/sharesec.1.html. Using it requires knowing the SIDs of groups that you want to add / modify.
Hide a share from all users
Method 1:
Uncheck the box "Browsable to Network Clients" in your share's configuration.
Method 2:
Append a "$" to the your share's name.
If you configure your share as I highlight below, then the share will only be visible to users who have read or write access to the share during share enumeration (for example net view \\freenas). This how-to is for AD member servers, but the steps can be modified to accommodate standalone samba servers.
Step 1:
In windows, right-click "Computer Management" and click "Run as Administrator". Enter admin credentials, then right-click on your computer in the left pane and click "Connect to another computer". Enter the address of your FreeNAS server.
Step 2:
In Computer Management, expand "System" -> "Shared Folders" -> "Shares" and right click on the share for which you want to configure Access Based Share Enumeration, and click on Properties.
Step 3:
In the Properties window, click on "Share Permissions". Add the groups that need access to the share and remove the "Everyone" entry. Click "Apply" then "OK". Close computer management.
Step 4:
Open the FreeNAS web GUI and add the following auxiliary parameter to your CIFS share: "access based share enum=yes"
Done.
Steps (1) - (3) can be achieved locally on a FreeNAS server through the "sharesec" command-line utility. Its manpage can be found here: https://www.samba.org/samba/docs/man/manpages/sharesec.1.html. Using it requires knowing the SIDs of groups that you want to add / modify.
Note: Steps (1)-(3) edit Windows NT ACLs, which are stored in samba's share_info.tdb, which is not affected by your choice of "Unix" or "Windows permissions type".
Hide a share from all users
Method 1:
Uncheck the box "Browsable to Network Clients" in your share's configuration.
Method 2:
Append a "$" to the your share's name.
Note: I have found Method 2 to be somewhat more reliable.
Last edited by a moderator:
