Windows – how to hide folder on root samba folder with include for each group

active-directory, samba, windows

Currently my Samba server is integrated with Windows Active Directory 2012, and almost all of the configuration is just fine. I'm just curious.
Here is my smb.conf:

[global]
    workgroup = "Domain Name"
    server string = Samba Server Version %v
    security = ads
    realm = "Domain Name".NET
    domain master = no
    local master = no
    preferred master = no
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

    idmap config * : backend = tdb
    idmap config * : range = 100000-299999
    idmap config TEST : backend = rid
    idmap config TEST : range = 10000-99999

    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind nested groups = yes
    winbind refresh tickets = yes
    template homedir = /home/%D/%U
    template shell = /bin/bash

    client use spnego = yes
    client ntlmv2 auth = yes
    encrypt passwords = yes
    restrict anonymous = 2

    log file = /var/log/samba/log.%m
    max log size = 50

[datashare]
    comment = data share
    path = /data/datashare
    read only = no
    valid users = @"Domain Name+internal"
    force group = internal
    valid group = internal
    directory mode = 0770
    force directory mode = 0770
    create mode = 0770
    force create mode = 0770
    # Hide share from users who don't have access
    access based share enum = yes
    # Hide files/directories if user doesn't have read access
    hide unreadable = yes
    browseable = no
    include = /etc/samba/conf.d/conf.datashare%m #new config

Content of /etc/samba/conf.d/conf.datashare:

    browseable = yes

ref : http://www.samba.org/samba/docs/using_samba/ch06.html

With the current configuration, almost all folders are not hidden in the Samba root folder for all users and groups. After I add the line marked #new config, the datashare folder is hidden (not browseable) for all users and groups.

My question is: how can I show a folder in the Samba root folder for a specific group?

Best Answer

There is no way to achieve what you are trying to do. If you remove:

    force group = internal

then users would access with group privileges from their AD group, and you could chmod to 0770 and chown dirs to specific groups.

Otherwise, there is no concept like Apache's 'mod_auth', which you can use per directory, in Samba; once a user enters a share, the 'browsable' option is global for all files.

Another possibility is to create separate shares for separate groups.
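
The two approaches from the answer, written out as an smb.conf fragment. This is an added example, not part of the original question or answer; the group `finance`, the subdirectory names and the `/data/internal` and `/data/finance` paths are hypothetical, and the short group names assume `winbind use default domain = yes` as in the question's `[global]` section.

```ini
# Added example. "internal" and /data/datashare come from the question;
# the group "finance" and all other paths are hypothetical.

# Option 1: one share, no "force group". Visibility inside the share
# follows filesystem ownership. Prepare one directory per AD group (as root):
#   chgrp internal /data/datashare/internal && chmod 2770 /data/datashare/internal
#   chgrp finance  /data/datashare/finance  && chmod 2770 /data/datashare/finance
# 2770 is the answer's 0770 plus setgid (an addition here) so that new
# files keep the directory's group. /data/datashare itself must stay
# readable and traversable by every group listed in "valid users".
[datashare]
    comment = data share
    path = /data/datashare
    read only = no
    browseable = yes
    # Every group that owns a subdirectory must be allowed into the share.
    valid users = @internal @finance
    # No "force group": each user keeps the group memberships mapped from AD,
    # so the 2770 directories above decide who can enter what.
    create mask = 0660
    directory mask = 0770
    # Entries the connected user cannot read are left out of listings.
    hide unreadable = yes

# Option 2: one share per group.
[internal]
    comment = internal group share
    path = /data/internal
    read only = no
    valid users = @internal
    force group = internal
    directory mask = 0770
    create mask = 0660
    # Hides the share during enumeration. This is evaluated against the
    # share ACL (set with sharesec or the Windows tools), not "valid users".
    access based share enum = yes

[finance]
    comment = finance group share
    path = /data/finance
    read only = no
    valid users = @finance
    force group = finance
    directory mask = 0770
    create mask = 0660
    access based share enum = yes
```

Run `testparm` against the edited file to catch syntax errors before reloading smbd.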