DayshareLP


I run 4 Proxmox Hosts which host all my VMs and several SMB shares. I recently also set up a Windows Server 2022 VM to start learning about "Windows Active Directory" and DFS with ABE.

So I implemented the SMB shares in a DFS Namespace and so far it works: I can see and access them. But that's the problem, I think I shouldn't be able to. The user I tested with has no rights to see the content of the shares, but it does. And when I want to check the Security options of a folder inside the DFS Namespace, my whole desktop crashes and restarts.

I think I messed up the options of the SMB shares. This is my current config:

comment = SMB Share for stuff
path = /share/folder
browseable = yes
read only = no
guest ok = no
writable = yes

acl_xattr:ignore system acls = Yes
acl allow execute always = Yes
acl group control = Yes
inherit acls = Yes
inherit owner = windows and unix
inherit permissions = Yes

hide unreadable = Yes
access based share enum = Yes

vfs object = recycle
recycle:repository = /share/folder/.recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude_dir = /tmp /TMP /temp /TEMP /public /cache /CACHE /.recycle
recycle:exclude = *.TMP *.tmp *.temp ~$* *.log *.bak

The top part is the general share config, which I already used before this "adventure" started.
The second part is the Windows AD/DFS thing. I don't know if this is needed or if it's correct, but it was part of the guide I used.
The third part should allow me to use "Access Based Enumeration" but for that the access should work first, so I haven't played around with that much.
The fourth part is for recycling deleted files. This worked fine before. Haven't checked if it still does.

Can anybody tell me if there are errors in my config or a better way to reach my goal?

Thank you in advance.
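An added example, not part of the original post: a small Python check for share definitions of this kind. Samba reads `module:option` settings only through the VFS module named by the prefix, so the check lists every such setting whose prefix is not loaded by the share's `vfs objects` line. The section name `[stuff]` and the sample text are constructed, and the check assumes each share sets its own `vfs objects` rather than inheriting it from `[global]`.

```python
import configparser

# Constructed sample modelled on the kind of share shown in the post.
# The section name [stuff] is hypothetical; the misspelled prefix in the
# last line is deliberate, to show how a typo surfaces.
SAMPLE = """
[stuff]
path = /share/folder
acl_xattr:ignore system acls = Yes
hide unreadable = Yes
vfs object = recycle
recycle:repository = /share/folder/.recycle
recylce:exclude_dir = /tmp /TMP
"""


def loaded_modules(section):
    """Modules named in 'vfs objects' (or its synonym 'vfs object')."""
    value = section.get("vfs objects") or section.get("vfs object") or ""
    return set(value.lower().split())


def orphaned_options(conf_text):
    """Return (share, option, prefix) for each 'prefix:option' setting whose
    prefix is not a module loaded by that share's vfs objects line."""
    # smb.conf keys contain ':' and spaces, so only '=' may act as delimiter.
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False
    )
    parser.read_string(conf_text)
    findings = []
    for name in parser.sections():
        section = parser[name]
        modules = loaded_modules(section)
        for option in section:  # configparser lower-cases option names
            prefix, sep, _ = option.partition(":")
            if sep and prefix.strip() not in modules:
                findings.append((name, option, prefix.strip()))
    return findings


if __name__ == "__main__":
    for share, option, prefix in orphaned_options(SAMPLE):
        print(f"[{share}] '{option}' has no effect: module '{prefix}' is not in vfs objects")
```

On the sample this reports the `acl_xattr` setting (the module is not loaded) and the misspelled `recylce` prefix, while `recycle:repository` passes.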

[–] DayshareLP@alien.top 1 points 1 year ago

I run Proxmox VE and Proxmox Backup Server on two machines at the same time. I pull the main backups from the main machine, where all the Vdisks are, to the second one. Until now it works like a charm. The third, off-site machine is in the making.