I run 4 Proxmox Hosts which host all my VMs and several SMB shares. I recently also set up a Windows Server 2022 VM to start learning about "Windows Active Directory" and DFS with ABE.

So I implemented the SMB shares in a DFS Namespace and so far it works, I can see and access them. But that's the problem, I think I shouldn't be able to. The User I tested with has no rights to see the Content of the shares, But it does. And when I want to check the Security options of a Folder inside the DFS Namespace, my whole Desktop crashes and restarts.

I think I messed up the options of the SMB shares. This is my current config:

comment = SMB Share for stuff path = /share/folder browseable = yes read only = no guest ok = no writable = yes

acl_xattr:ignore system acl = Yes acl allow execute always = Yes acl group control = Yes inherit acls = Yes inherit owner = windows and unix inherit permissions = Yes

hide unreadable = Yes access based share enum = Yes

vfs object = recycle recycle:repository = /share/folder/.recycle recycle:keeptree = yes recycle:versions = yes recycle:touch = yes recylce:exclude_dir = /tmp /TMP /temp /TEMP /public /cache /CACHE /.recycle recycle:exclude = *.TMP *.tmp .temp ~$ *.log *.bak

The top part is the general share config, which I already used before this "adventure" started. The second part is the Windows AD/DFS thing. I don't know if this is needed or if it's correct, but it was part of the guide I used. The third part should allow me to use "Access Based Enumeration" but for that the access should work first, so I haven't played around with that much. The fourth part is for recycling deleted Files. This worked fine before. Haven't checked if it still is.

Can anybody tell me if there are errors in my config or a better way to reach my goal?

Thank you in advance.