CIFS / SMB (Samba) Tips and Tricks

Status
Not open for further replies.

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,545
This guide has been moved to the Resources section and can be found at this link:
https://forums.freenas.org/index.php?resources/smb-tips-and-tricks.15/


This thread now serves as the discussion thread for this guide. The original version can also be found below:


I've decided to consolidate various tips, tricks, and random config info into a thread. Hopefully someone will find it useful.
Access based share enumeration in CIFS
If you configure your share as I highlight below, then the share will only be visible to users who have read or write access to the share during share enumeration (for example net view \\freenas). This how-to is for AD member servers, but the steps can be modified to accommodate standalone Samba servers.

Step 1:
In Windows, right-click "Computer Management" and click "Run as Administrator". Enter admin credentials, then right-click on your computer in the left pane and click "Connect to another computer". Enter the address of your FreeNAS server.

Step 2:
In Computer Management, expand "System" -> "Shared Folders" -> "Shares" and right click on the share for which you want to configure Access Based Share Enumeration, and click on Properties.

Step 3:
In the Properties window, click on "Share Permissions". Add the groups that need access to the share and remove the "Everyone" entry. Click "Apply" then "OK". Close computer management.

Step 4:
Open the FreeNAS web GUI and add the following auxiliary parameter to your CIFS share: "access based share enum=yes"

Done.

Steps (1) - (3) can be achieved locally on a FreeNAS server through the "sharesec" command-line utility. Its manpage can be found here: https://www.samba.org/samba/docs/man/manpages/sharesec.1.html. Using it requires knowing the SIDs of groups that you want to add / modify.

Note: Steps (1)-(3) edit Windows NT ACLs, which are stored in Samba's share_info.tdb, which is not affected by your choice of "Unix" or "Windows permissions type".

Hide a share from all users
Method 1:
Uncheck the box "Browsable to Network Clients" in your share's configuration.

Method 2:
Append a "$" to your share's name.

Note: I have found Method 2 to be somewhat more reliable.
 
Last edited by a moderator:
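An audit for the access based share enumeration setup in the guide above, as an added example that is not part of the original post: it lists shares that set "access based share enum" while their share ACL still allows Everyone (S-1-1-0), which leaves the share visible to all users. The share names, SIDs and sample text are constructed, and the ACL sample assumes the "[share]" header plus "ACL:trustee:TYPE/flags/mask" layout of `sharesec --view-all` output.

```python
import configparser
import re

EVERYONE = {"S-1-1-0", "Everyone"}  # well-known SID and its display name
TRUE_VALUES = {"yes", "true", "1", "on"}
# Constructed sample share sections in smb.conf syntax.
SAMPLE_CONF = """[finance]
access based share enum = yes
[media]
access based share enum=yes
[scratch]
path = /mnt/tank/scratch
"""
# Constructed sample in the layout assumed for `sharesec --view-all`; SIDs are made up.
SAMPLE_ACLS = """[finance]
REVISION:1
ACL:S-1-5-21-1111111111-2222222222-3333333333-1105:ALLOWED/0x0/CHANGE
[media]
REVISION:1
ACL:S-1-1-0:ALLOWED/0x0/FULL
"""

def enum_restricted_shares(conf_text):
    """Shares whose section sets 'access based share enum' to a true value."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    return sorted(s for s in cp.sections() if cp.get(
        s, "access based share enum", fallback="no").strip().lower() in TRUE_VALUES)

def share_acls(acl_text):
    """Map share name -> list of (trustee, ALLOWED|DENIED) from its ACL: lines."""
    acls, share = {}, None
    for line in map(str.strip, acl_text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            share = header.group(1)
            acls[share] = []
        elif share and line.startswith("ACL:"):
            trustee, _, ace = line[4:].rpartition(":")
            acls[share].append((trustee, ace.split("/")[0]))
    return acls

def shares_still_open(conf_text, acl_text):
    """Enumeration-restricted shares whose share ACL still allows Everyone."""
    acls = share_acls(acl_text)
    return [s for s in enum_restricted_shares(conf_text)
            if any(t in EVERYONE and kind == "ALLOWED" for t, kind in acls.get(s, []))]

if __name__ == "__main__":
    print(shares_still_open(SAMPLE_CONF, SAMPLE_ACLS))
```

On a live server, feed it the share sections of the running configuration and the saved output of the sharesec listing in place of the two samples.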

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
Let's make a deal.

You post this in the resources section and I let the Comic Sans usage slide.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
Can't you just move it there? Moving things around is above my pay grade.
I can, but I have to put in work, which makes me morally obligated to remove the stupid font.
 

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,175
Ok, it's in the Resources section and I've reassigned it to @anodos - I've decrapified it (and changed CIFS to SMB wherever I caught that one), so blame him for any stupid fonts, glittery GIFs or any other disgraceful displays of poor taste.

https://forums.freenas.org/index.php?resources/smb-tips-and-tricks.15/

I've also deleted the reserved posts, as they should no longer be needed. As I'll write in the OP, I recommend that this thread serve as the discussion thread for the new Resource.
 