Currently my samba server integrated with Windows Active Directory 2012, almost configuration is just fine. I'm just curious
Here are my smb.conf,
[global]
workgroup = "Domain Name"
server string = Samba Server Version %v
security = ads
realm = "Domain Name".NET
domain master = no
local master = no
preferred master = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
[datashare]
comment = data share
path = /data/datashare
read only = no
valid users = @"Domain Name+internal"
force group = internal
valid group = internal
directory mode = 0770
force directory mode = 0770
create mode = 0770
force create mode = 0770
# Hide share from users who don't have access
access based share enum = yes
# Hide files/directories if user doesn't have read access
hide unreadable = yes
browseable = no
include = /etc/samba/conf.d/conf.datashare%m #new config
content fo /etc/samba/conf.d/conf.datashare
browseable = yes
ref : http://www.samba.org/samba/docs/using_samba/ch06.html
with current configuration almost all folder is no hide in root folder samba for all user and group. after I add line #new config, datashare folder is hide (no browseable) for all user and group.
My question is, how to show folder in root samba folder for specific group?
Best Answer
There is no way to achieve what you are trying. If you remove:
then users would access with group priviledges from their AD group, and you could chmod to 0770 and chown dirs to specific groups.
Otherwise there is no concept of apaches 'mod_auth' which you can use per directory in samba, once user enters a share, 'browsable' option is global for all files.
Other possibility is to create separate shares for separate groups.