Hi David,
Following up on Rick's post, seeing "security=share" in your smb.conf
reminded me of this little passage in the samba docs about username
confusion with share-level security:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2527269
In share-level security, the client authenticates itself separately for
each share. It sends a password along with each tree connection request
(share mount), but it does not explicitly send a username with this
operation. The client expects a password to be associated with each
share, independent of the user. This means that Samba has to work out
what username the client probably wants to use, the SMB server is not
explicitly sent the username. Some commercial SMB servers such as NT
actually associate passwords directly with shares in share-level
security, but Samba always uses the UNIX authentication scheme where it
is a username/password pair that is authenticated, not a share/password
pair.
So I guess that means that Samba CAN figure out the username, but maybe
that's biting you in some way. I don't know how it works if you're
going through an AD (maybe Windows passes the right username or maybe it
authenticates as a guest?). That could explain why you're getting the
"nobody" username on the print jobs. It's possible that you'll have to
use user or domain security. The rest of the page above may be able to
shed some light.
-Matt
Rick DeNatale wrote:
On 2/27/06, David McDowell <[EMAIL PROTECTED]> wrote:
woah, I changed %U to %u and now I get: nobody-Feb27-164318.pdf for
my filename. I don't know if that is considered progress or not! :p
%u is the username of the current service according to man smb.conf in
your case the print service is running as user nobody.
%U is the session username (the username that the client wanted, not
necessarily the same as the one they got).
%U is silently ignored for guest users, i.e. those who don't
authenticate on connect.
I think that you have to set up proper mapping of windows accounts to
nix accounts to let the print server differentiate between users. How
you do that, AD, LDAP, whatever is a variable. I've never set that up
myself. Hopefully someone with more samba chops, or the samba
documentation will reveal the secrets.
--
Rick DeNatale
Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
