[TriLUG] HOWTO: Create PDFs using Samba but not CUPS
David McDowell
turnpike420 at gmail.com
Tue Feb 28 09:40:58 EST 2006
Based on Steve's example config, how do we explain why he gets a value
in %U with security = share and I don't when I set mine up
identically? The only difference I see is in our samba versions. my
3.0.10x vs his 3.0.12x
%u is what I used when I got the nobody value, not %U.
If I set security = user, nothing works, the printer nor the share for
pickup b/c there are no users in my smbpasswd list. I would suspect
even if I created a list of my users with blank passwords it would
still fail b/c the logged in windows user's password wouldn't match
the smbpasswd list, thus failure to connect. Thoughts?
thanks folks for all your ideas so far!
David
On 2/28/06, Matt McGrievy <mcgrievy at email.unc.edu> wrote:
> Hi David,
>
> Following up on Rick's post, seeing "security=share" in your smb.conf
> reminded me of this little passage in the samba docs about username
> confusion with share-level security:
>
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2527269
> In share-level security, the client authenticates itself separately for
> each share. It sends a password along with each tree connection request
> (share mount), but it does not explicitly send a username with this
> operation. The client expects a password to be associated with each
> share, independent of the user. This means that Samba has to work out
> what username the client probably wants to use, the SMB server is not
> explicitly sent the username. Some commercial SMB servers such as NT
> actually associate passwords directly with shares in share-level
> security, but Samba always uses the UNIX authentication scheme where it
> is a username/password pair that is authenticated, not a share/password
> pair.
>
> So I guess that means that Samba CAN figure out the username, but maybe
> that's biting you in some way. I don't know how it works if you're
> going through an AD (maybe Windows passes the right username or maybe it
> authenticates as a guest?). That could explain why you're getting the
> "nobody" username on the print jobs. It's possible that you'll have to
> use user or domain security. The rest of the page above may be able to
> shed some light.
>
> -Matt
>
> Rick DeNatale wrote:
> > On 2/27/06, David McDowell <turnpike420 at gmail.com> wrote:
> >> woah, I changed %U to %u and now I get: nobody-Feb27-164318.pdf for
> >> my filename. I don't know if that is considered progress or not! :p
> >
> > %u is the username of the current service according to man smb.conf in
> > your case the print service is running as user nobody.
> >
> > %U is the session username (the username that the client wanted, not
> > necessarily the same as the one they got).
> >
> > %U is silently ignored for guest users, i.e. those who don't
> > authenticate on connect.
> >
> > I think that you have to set up proper mapping of windows accounts to
> > nix accounts to let the print server differentiate between users. How
> > you do that, AD, LDAP, whatever is a variable. I've never set that up
> > myself. Hopefully someone with more samba chops, or the samba
> > documentation will reveal the secrets.
> >
> > --
> > Rick DeNatale
> >
> > Visit the Project Mercury Wiki Site
> > http://www.mercuryspacecraft.com/
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
More information about the TriLUG
mailing list