oh my files are identical.
On 2/28/06, Steve Hoffman <[EMAIL PROTECTED]> wrote: > Well, I did some playing and can't seem to break it..and I've tried. This > machine was a domain controller back in the day, but I've since upgraded (or > downgraded depending on your POV) to a 2003 AD because we added our own > exchange server. Some accounts still exist on the samba server, but many > new ones don't and they're still able to print just fine to the PDF > printer. > > what does your smbusers file look like? Here's mine: > # Unix_name = SMB_name1 SMB_name2 ... > root = administrator admin > nobody = guest pcguest smbguest > > how about your smbpasswd file? I have a strange entry for the "nobody" > acct: > nobody:99:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU > ]:LCT-00000000: > > If I'm reading that right, there's NO password for nobody and perhaps > everyone fails auth as nobody and therefore are forced to send their > username/password from win?(total guess, sort of reached up a deep dark > cavity and pulled that one out) > > > Anything there shedding light? > > Steve > > On 2/28/06, David McDowell <[EMAIL PROTECTED]> wrote: > > > > Based on Steve's example config, how do we explain why he gets a value > > in %U with security = share and I don't when I set mine up > > identically? The only difference I see is in our samba versions. my > > 3.0.10x vs his 3.0.12x > > > > %u is what I used when I got the nobody value, not %U. > > > > If I set security = user, nothing works, the printer nor the share for > > pickup b/c there are no users in my smbpasswd list. I would suspect > > even if I created a list of my users with blank passwords it would > > still fail b/c the logged in windows user's password wouldn't match > > the smbpasswd list, thus failure to connect. Thoughts? > > > > thanks folks for all your ideas so far! > > David > > > > > > On 2/28/06, Matt McGrievy <[EMAIL PROTECTED]> wrote: > > > Hi David, > > > > > > Following up on Rick's post, seeing "security=share" in your smb.conf > > > reminded me of this little passage in the samba docs about username > > > confusion with share-level security: > > > > > > > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2527269 > > > In share-level security, the client authenticates itself separately for > > > each share. It sends a password along with each tree connection request > > > (share mount), but it does not explicitly send a username with this > > > operation. The client expects a password to be associated with each > > > share, independent of the user. This means that Samba has to work out > > > what username the client probably wants to use, the SMB server is not > > > explicitly sent the username. Some commercial SMB servers such as NT > > > actually associate passwords directly with shares in share-level > > > security, but Samba always uses the UNIX authentication scheme where it > > > is a username/password pair that is authenticated, not a share/password > > > pair. > > > > > > So I guess that means that Samba CAN figure out the username, but maybe > > > that's biting you in some way. I don't know how it works if you're > > > going through an AD (maybe Windows passes the right username or maybe it > > > authenticates as a guest?). That could explain why you're getting the > > > "nobody" username on the print jobs. It's possible that you'll have to > > > use user or domain security. The rest of the page above may be able to > > > shed some light. > > > > > > -Matt > > > > > > Rick DeNatale wrote: > > > > On 2/27/06, David McDowell <[EMAIL PROTECTED]> wrote: > > > >> woah, I changed %U to %u and now I get: nobody-Feb27-164318.pdf for > > > >> my filename. I don't know if that is considered progress or not! :p > > > > > > > > %u is the username of the current service according to man smb.conf in > > > > your case the print service is running as user nobody. > > > > > > > > %U is the session username (the username that the client wanted, not > > > > necessarily the same as the one they got). > > > > > > > > %U is silently ignored for guest users, i.e. those who don't > > > > authenticate on connect. > > > > > > > > I think that you have to set up proper mapping of windows accounts to > > > > nix accounts to let the print server differentiate between users. How > > > > you do that, AD, LDAP, whatever is a variable. I've never set that up > > > > myself. Hopefully someone with more samba chops, or the samba > > > > documentation will reveal the secrets. > > > > > > > > -- > > > > Rick DeNatale > > > > > > > > Visit the Project Mercury Wiki Site > > > > http://www.mercuryspacecraft.com/ > > > -- > > > TriLUG mailing list : > > http://www.trilug.org/mailman/listinfo/trilug > > > TriLUG Organizational FAQ : http://trilug.org/faq/ > > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > > > > > -- > > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > > TriLUG Organizational FAQ : http://trilug.org/faq/ > > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
