SMB Extra Settings question

Xaero

By Xaero
in General Support

Recommended Posts

Xaero Enthusiast

Xaero

Posted
Posted (edited)

If I want to add some options to the shares created by unraid, do I just use [share-name] and then put the additional delegations underneath?

What I'm trying to accomplish is using "hosts allow" and "hosts deny" to allow and deny access to certain shares for Wireguard clients using ip addresses (since all wireguard clients in my case are static IPs) 
If I can use SMB Extra Settings in this manner then that solves the problem without needing extra legwork.

I was thinking about submitting a feature request, but it may be kind of a niche case.


Edit:

I ended up testing this, it works exactly as I anticipated.

If I add an entry like so:
[ShareName]

hosts allow = <Wireguard ClientIP>
That client can see that share.

 

If I add an entry like so:
[ShareName]
hosts deny = <WireGuard ClientIP> 
That client can no longer see that share.

This modfies existing settings set by unraid automatically.


This was wrong. And just makes the shares completely unavailable, because there is no path defined for them.

Edited by Xaero
Link to comment
Xaero Enthusiast

Xaero

Posted
  • Author
Posted (edited)

So, I did a little bit of testing (see my edits above) and found that instead of it overriding the auto config from unraid, it ends up disabling the shares all-together.
Executing `testparm` reveals the reason: 


WARNING: No path in service Backups - making it unavailable!
NOTE: Service Backups is flagged unavailable.
WARNING: No path in service Games - making it unavailable!
NOTE: Service Games is flagged unavailable.
WARNING: No path in service isos - making it unavailable!
NOTE: Service isos is flagged unavailable.
WARNING: No path in service Software - making it unavailable!
NOTE: Service Software is flagged unavailable.
WARNING: No path in service Video - making it unavailable!
NOTE: Service Video is flagged unavailable.
*snip*

 

Wait, I know there's paths because Unraid generates these entries by default. What's happening here?!

So I took a look at /etc/samba/smb.conf: 


/etc/samba/smb.conf 
[global]
        # configurable identification
        include = /etc/samba/smb-names.conf

        # log stuff only to syslog
        log level = 0
        syslog = 0
        syslog only = Yes

        # we don't do printers
        show add printer wizard = No
        disable spoolss = Yes
        load printers = No
        printing = bsd
        printcap name = /dev/null

        # misc.
        invalid users = root
        unix extensions = No
        wide links = Yes
        use sendfile = Yes
        aio read size = 0
        aio write size = 4096
        allocation roundup size = 4096

        # ease upgrades from Samba 3.6
        acl allow execute always = Yes
        # permit NTLMv1 authentication
        ntlm auth = Yes

        # hook for user-defined samba config
        include = /boot/config/smb-extra.conf

        # auto-configured shares
        include = /etc/samba/smb-shares.conf

 

And I see that the smb-extra is loaded before smb-shares

This means that I can't apply any advanced configuration to shares. 


Is this intentional, @limetech?

Edited by Xaero
  • Like 1
Link to comment
Frank1940 Veteran

Frank1940

Posted
Posted (edited)

I actually noticed this several years ago but never raised it up as an issue as I did not have a valid reason for doing so.  My personal opinion is that the 

include = /boot/config/smb-extra.conf

statement should be the last item executed in the smb.conf file as it should be the user's option to be able include in it exactly what is required to modify and tailor the SMB system to function as he wants and needs. 

 

Perhaps, this should really be a bug request...

Edited by Frank1940
Link to comment
Xaero Enthusiast

Xaero

Posted
  • Author
Posted
21 hours ago, Frank1940 said:

I actually noticed this several years ago but never raised it up as an issue as I did not have a valid reason for doing so.  My personal opinion is that the 


include = /boot/config/smb-extra.conf

statement should be the last item executed in the smb.conf file as it should be the user's option to be able include in it exactly what is required to modify and tailor the SMB system to function as he wants and needs. 

 

Perhaps, this should really be a bug request...

I think so,
I'll open one when I'm able to with proper documentation of what is wrong, why it happens, and how changing the order fixes it. It may be that this is intentional, but there should still be a way to override the basic functionality without making such changes.
I did switch the order on my system, and it is working properly with the order switched. I was also able to add a feature I think unraid should have as an option:
access based shares enum = yes
This makes it so that if the user access the samba directory listing, they only see the shares they have access to. Even with smbtree. So for example, I have the appdata, system shares as browseable=yes,and private with only my user for any access. I then also added allow hosts=192.168.1. As a result of this, if I am NOT at home, and try to access my server - those shares aren't available, or listed (which is good, because I can't screw anything up remotely.) Similarly, if I connect as any other user - they aren't even present. Results in a very polished experience for other clients as well - they only see the folders they need, rather than a bunch of folders they don't have permission to view.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing