Samba, Shares, and AD

Hi folks. I’ve just registered here to ask this:

I’ve got openSUSE 11.4 x64.
I’ve got Samba 3.5.7.
The point is to hide the shares that are inaccessible to a particular user.

In a config file, I added the access based share enum = yes parameter, but the problem is that thai it doesn’t make any sence: the shares with restricte access are visible by everyone.

Here’s my smb.conf (kind of):

        workgroup = COMPANY
        realm = COMPANY.COM
        server string = MyServer
        netbios name = MyServer
        security = ADS
        map to guest = Bad User
        deadtime = 1
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        show add printer wizard = No
        logon path = \%Lprofiles.msprofile
        logon drive = P:
        logon home = \%L%U.9xprofile
        os level = 0
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 10000-40000
        idmap gid = 10000-40000
        template shell = /bin/bash
        winbind cache time = 1440
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes
        printing = bsd
        cups options = raw
        print command = lpr -r -P'%p' %s
        lpq command = lpq -P'%p'
        lprm command = lprm -P'%p' %j

        path = /var/TestDir
        valid users = ivanov, petrov, sidorov
        write list = ivanov, "@Domain Admins"
        create mask = 0666
        directory mask = 0777
        hide unreadable = Yes
        access based share enum = Yes

Furthermore, an smbclient -k -L MyServer run from a notebook which is not in AD lists all the shares on MyServer.

The filesystem rights to /var/TestDir are 777, though it shouldn’t matter, according to a share enum parameter description in man pages. AD DS are deployed on a Windows Server 2003, wbinfo -g and -u list domain users and groups correctly.

What am I doing wrong? How to hide shares which are inaccessible to a particular user?

Thank you.

I am experiencing the exact same problem and am trying to do the exact same thing. I’m not sure if it truly works. There is a Samba bugzilla case open: