this post was submitted on 30 Nov 2023

I run 4 Proxmox Hosts which host all my VMs and several SMB shares. I recently also set up a Windows Server 2022 VM to start learning about "Windows Active Directory" and DFS with ABE.

So I implemented the SMB shares in a DFS Namespace and so far it works: I can see and access them. But that's the problem, I think I shouldn't be able to. The user I tested with has no rights to see the content of the shares, but it does. And when I want to check the Security options of a folder inside the DFS Namespace, my whole desktop crashes and restarts.

I think I messed up the options of the SMB shares. This is my current config:

comment = SMB Share for stuff
path = /share/folder
browseable = yes
read only = no
guest ok = no
writable = yes

acl_xattr:ignore system acl = Yes
acl allow execute always = Yes
acl group control = Yes
inherit acls = Yes
inherit owner = windows and unix
inherit permissions = Yes

hide unreadable = Yes
access based share enum = Yes

vfs object = recycle
recycle:repository = /share/folder/.recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recylce:exclude_dir = /tmp /TMP /temp /TEMP /public /cache /CACHE /.recycle
recycle:exclude = *.TMP *.tmp *.temp ~$* *.log *.bak

The top part is the general share config, which I already used before this "adventure" started.
The second part is the Windows AD/DFS thing. I don't know if this is needed or if it's correct, but it was part of the guide I used.
The third part should allow me to use "Access Based Enumeration" but for that the access should work first, so I haven't played around with that much.
The fourth part is for recycling deleted files. This worked fine before. I haven't checked if it still does.

Can anybody tell me if there are errors in my config or a better way to reach my goal?

Thank you in advance.
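
A check for one class of error a share definition like the one above can contain, added here as an example and not part of the original post: a `module:option` key is only read by the VFS module it names, so a prefix that is misspelled or missing from the share's `vfs objects` list has no effect. The `[stuff]` section name and the function names are assumptions.

```python
import re
# Constructed input: options from the post under a hypothetical [stuff] share name.
SAMPLE = """\
[stuff]
path = /share/folder
acl_xattr:ignore system acl = Yes
vfs object = recycle
recylce:exclude_dir = /tmp /TMP /temp /TEMP /public /cache /CACHE /.recycle
recycle:exclude = *.TMP *.tmp *.temp ~$* *.log *.bak
"""

def parse_sections(text):
    """Parse smb.conf-style text into {section: [(lineno, key, value), ...]}."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((lineno, key.strip(), value.strip()))
    return sections

def loaded_modules(params):
    """Return the modules named by 'vfs objects' (or its synonym), or None if unset."""
    for _, key, value in params:
        if re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
            return {m.lower() for m in re.split(r"[\s,]+", value) if m}
    return None

def orphaned_module_options(text):
    """Flag 'module:option' keys in a share whose module that share does not load."""
    sections = parse_sections(text)
    inherited = loaded_modules(sections.get("global", [])) or set()
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        own = loaded_modules(params)
        active = inherited if own is None else own  # share-level list replaces global
        for lineno, key, _ in params:
            prefix, sep, _rest = key.partition(":")
            # Assumption: every prefixed key in a share is a VFS module option.
            if sep and prefix.strip().lower() not in active:
                findings.append((name, lineno, key))
    return findings
```

Run against the sample, it reports the `acl_xattr:` line (module not listed in `vfs object`) and the `recylce:` line (prefix does not match the loaded `recycle` module).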
