Ah, right -- wasn't following the thread closely enough. I'll let you
and Steve continue to hash it out ;)
-Matt
David McDowell wrote:
Based on Steve's example config, how do we explain why he gets a value
in %U with security = share and I don't when I set mine up
identically? The only difference I see is in our samba versions. my
3.0.10x vs his 3.0.12x
%u is what I used when I got the nobody value, not %U.
If I set security = user, nothing works, the printer nor the share for
pickup b/c there are no users in my smbpasswd list. I would suspect
even if I created a list of my users with blank passwords it would
still fail b/c the logged in windows user's password wouldn't match
the smbpasswd list, thus failure to connect. Thoughts?
thanks folks for all your ideas so far!
David
On 2/28/06, Matt McGrievy <[EMAIL PROTECTED]> wrote:
Hi David,
Following up on Rick's post, seeing "security=share" in your smb.conf
reminded me of this little passage in the samba docs about username
confusion with share-level security:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2527269
In share-level security, the client authenticates itself separately for
each share. It sends a password along with each tree connection request
(share mount), but it does not explicitly send a username with this
operation. The client expects a password to be associated with each
share, independent of the user. This means that Samba has to work out
what username the client probably wants to use, the SMB server is not
explicitly sent the username. Some commercial SMB servers such as NT
actually associate passwords directly with shares in share-level
security, but Samba always uses the UNIX authentication scheme where it
is a username/password pair that is authenticated, not a share/password
pair.
So I guess that means that Samba CAN figure out the username, but maybe
that's biting you in some way. I don't know how it works if you're
going through an AD (maybe Windows passes the right username or maybe it
authenticates as a guest?). That could explain why you're getting the
"nobody" username on the print jobs. It's possible that you'll have to
use user or domain security. The rest of the page above may be able to
shed some light.
-Matt
Rick DeNatale wrote:
On 2/27/06, David McDowell <[EMAIL PROTECTED]> wrote:
woah, I changed %U to %u and now I get: nobody-Feb27-164318.pdf for
my filename. I don't know if that is considered progress or not! :p
%u is the username of the current service according to man smb.conf in
your case the print service is running as user nobody.
%U is the session username (the username that the client wanted, not
necessarily the same as the one they got).
%U is silently ignored for guest users, i.e. those who don't
authenticate on connect.
I think that you have to set up proper mapping of windows accounts to
nix accounts to let the print server differentiate between users. How
you do that, AD, LDAP, whatever is a variable. I've never set that up
myself. Hopefully someone with more samba chops, or the samba
documentation will reveal the secrets.
--
Rick DeNatale
Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
