[TriLUG] HOWTO: Create PDFs using Samba but not CUPS

Matt Pusateri mpusateri at wickedtrails.com
Tue Feb 28 17:08:52 EST 2006


use security = user and then add a map to guest = bad password or bad
user.

Matt P.


On Tue, February 28, 2006 9:40 am, David McDowell wrote:
> Based on Steve's example config, how do we explain why he gets a value
> in %U with security = share and I don't when I set mine up
> identically?  The only difference I see is in our samba versions.  my
> 3.0.10x vs his 3.0.12x
>
> %u is what I used when I got the nobody value, not %U.
>
> If I set security = user, nothing works, the printer nor the share for
> pickup b/c there are no users in my smbpasswd list.  I would suspect
> even if I created a list of my users with blank passwords it would
> still fail b/c the logged in windows user's password wouldn't match
> the smbpasswd list, thus failure to connect.  Thoughts?
>
> thanks folks for all your ideas so far!
> David
>
>
> On 2/28/06, Matt McGrievy <mcgrievy at email.unc.edu> wrote:
>> Hi David,
>>
>> Following up on Rick's post, seeing "security=share" in your
>> smb.conf
>> reminded me of this little passage in the samba docs about username
>> confusion with share-level security:
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id2527269
>> In share-level security, the client authenticates itself separately
>> for
>> each share. It sends a password along with each tree connection
>> request
>> (share mount), but it does not explicitly send a username with this
>> operation. The client expects a password to be associated with each
>> share, independent of the user. This means that Samba has to work
>> out
>> what username the client probably wants to use, the SMB server is
>> not
>> explicitly sent the username. Some commercial SMB servers such as NT
>> actually associate passwords directly with shares in share-level
>> security, but Samba always uses the UNIX authentication scheme where
>> it
>> is a username/password pair that is authenticated, not a
>> share/password
>> pair.
>>
>> So I guess that means that Samba CAN figure out the username, but
>> maybe
>> that's biting you in some way.  I don't know how it works if you're
>> going through an AD (maybe Windows passes the right username or
>> maybe it
>> authenticates as a guest?).  That could explain why you're getting
>> the
>> "nobody" username on the print jobs.  It's possible that you'll have
>> to
>> use user or domain security.  The rest of the page above may be able
>> to
>> shed some light.
>>
>> -Matt
>>
>> Rick DeNatale wrote:
>> > On 2/27/06, David McDowell <turnpike420 at gmail.com> wrote:
>> >> woah, I changed %U to %u and now I get:  nobody-Feb27-164318.pdf
>> for
>> >> my filename.  I don't know if that is considered progress or not!
>>  :p
>> >
>> > %u is the username of the current service according to man
>> smb.conf in
>> > your case the print service is running as user nobody.
>> >
>> >  %U  is the session username (the username that the client wanted,
>> not
>> >  necessarily the same as the one they got).
>> >
>> > %U is silently ignored for guest users, i.e. those who don't
>> > authenticate on connect.
>> >
>> > I think that you have to set up proper mapping of windows accounts
>> to
>> > nix accounts to let the print server differentiate between users.
>> How
>> > you do that, AD, LDAP, whatever is a variable.  I've never set
>> that up
>> > myself. Hopefully someone with more samba chops, or the samba
>> > documentation will reveal the secrets.
>> >
>> > --
>> > Rick DeNatale
>> >
>> > Visit the Project Mercury Wiki Site
>> > http://www.mercuryspacecraft.com/
>> --
>> TriLUG mailing list        :
>> http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG Organizational FAQ  : http://trilug.org/faq/
>> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>>
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
>





More information about the TriLUG mailing list