use security = user and then add a map to guest = bad password or bad user.

Matt P.

On Tue, February 28, 2006 9:40 am, David McDowell wrote:
> Based on Steve's example config, how do we explain why he gets a value
> in %U with security = share and I don't when I set mine up
> identically? The only difference I see is in our samba versions. my
> 3.0.10x vs his 3.0.12x
>
> %u is what I used when I got the nobody value, not %U.
>
> If I set security = user, nothing works, the printer nor the share for
> pickup b/c there are no users in my smbpasswd list. I would suspect
> even if I created a list of my users with blank passwords it would
> still fail b/c the logged in windows user's password wouldn't match
> the smbpasswd list, thus failure to connect. Thoughts?
>
> thanks folks for all your ideas so far!
> David
>
>
> On 2/28/06, Matt McGrievy <[EMAIL PROTECTED]> wrote:
>> Hi David,
>>
>> Following up on Rick's post, seeing "security=share" in your smb.conf
>> reminded me of this little passage in the samba docs about username
>> confusion with share-level security:
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2527269
>> In share-level security, the client authenticates itself separately for
>> each share. It sends a password along with each tree connection request
>> (share mount), but it does not explicitly send a username with this
>> operation. The client expects a password to be associated with each
>> share, independent of the user. This means that Samba has to work out
>> what username the client probably wants to use, the SMB server is not
>> explicitly sent the username. Some commercial SMB servers such as NT
>> actually associate passwords directly with shares in share-level
>> security, but Samba always uses the UNIX authentication scheme where it
>> is a username/password pair that is authenticated, not a share/password
>> pair.
>>
>> So I guess that means that Samba CAN figure out the username, but maybe
>> that's biting you in some way. I don't know how it works if you're
>> going through an AD (maybe Windows passes the right username or maybe it
>> authenticates as a guest?). That could explain why you're getting the
>> "nobody" username on the print jobs. It's possible that you'll have to
>> use user or domain security. The rest of the page above may be able to
>> shed some light.
>>
>> -Matt
>>
>> Rick DeNatale wrote:
>> > On 2/27/06, David McDowell <[EMAIL PROTECTED]> wrote:
>> >> woah, I changed %U to %u and now I get: nobody-Feb27-164318.pdf for
>> >> my filename. I don't know if that is considered progress or not! :p
>> >
>> > %u is the username of the current service according to man smb.conf in
>> > your case the print service is running as user nobody.
>> >
>> > %U is the session username (the username that the client wanted, not
>> > necessarily the same as the one they got).
>> >
>> > %U is silently ignored for guest users, i.e. those who don't
>> > authenticate on connect.
>> >
>> > I think that you have to set up proper mapping of windows accounts to
>> > nix accounts to let the print server differentiate between users. How
>> > you do that, AD, LDAP, whatever is a variable. I've never set that up
>> > myself. Hopefully someone with more samba chops, or the samba
>> > documentation will reveal the secrets.
>> >
>> > --
>> > Rick DeNatale
>> >
>> > Visit the Project Mercury Wiki Site
>> > http://www.mercuryspacecraft.com/
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
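An added example, not part of the thread and not Samba's own code: a small Python check that reads an smb.conf and reports the settings discussed above (share-level security, the two "map to guest" modes, and guest-accessible shares). The sample config, finding codes and function names are constructed for illustration, and the defaults used for unset parameters (security = user, map to guest = Never, guest account nobody) are assumptions.

```python
import re

# Constructed sample config for illustration; not the poster's real smb.conf.
SAMPLE = """
[global]
    security = share
    Map To Guest = Bad Password
    guest account = nobody
; pdf printer reached by unauthenticated Windows clients
[pdfprinter]
    printable = yes
    guest ok = yes
[pickup]
    path = /srv/pickup
    public = no
"""

def parse_smb_conf(text):
    """Parse into {section: {param: value}}; names are case- and space-insensitive."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def audit(text):
    """Return (section, code, detail) findings about guest and share-level access."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    guest = g.get("guestaccount", "nobody")      # assumed default account name
    findings = []
    if g.get("security", "user").lower() == "share":
        findings.append(("global", "SHARE_SECURITY",
                         "client sends no username with the tree connect"))
    mode = " ".join(g.get("maptoguest", "never").lower().split())
    if mode == "bad password":
        findings.append(("global", "GUEST_ON_BAD_PASSWORD",
                         "a mistyped password for a real account becomes a guest session"))
    elif mode == "bad user":
        findings.append(("global", "GUEST_ON_BAD_USER",
                         "unknown usernames become guest sessions"))
    for name, params in conf.items():
        val = params.get("guestok", params.get("public", "no")).lower()  # 'public' is a synonym
        if name != "global" and val in ("yes", "true", "1"):
            findings.append((name, "GUEST_OK", f"unauthenticated sessions run as '{guest}'"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Of the two modes suggested at the top of the thread, "bad user" keeps password failures for real accounts as failures, while "bad password" turns them into guest logins.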
