Followup on "force user = %S"

Jeremy Allison jallison at
Wed Jan 6 18:26:59 GMT 1999

David Collier-Brown wrote:
> In earlier discussion on this list, Thomas R. Stevenson was advised to
> use
> "force user = %S" in order to have a connection, for example, from
> "davecb" at a client machine to //server/xyz authenticated as the user
> "xyz"
> on the server.
>   Alas, this appears to be quite different from what actually occurs in
> make_connection: the connecting user is authenticated first, as "davecb"
> then
> the userid is changed to xyz.
>   This is, from my limited knowledge, the "right" thing to do:
> authenticate then
> force.

Actually, that's not what I told him. He intimated he wanted
*everyone* attaching to share //server/xyz to access the share
as user xyz. Only *after* I'd told him to use force user with
user level security did he reveal he actually wanted to 
*authenticate* as user xyz, but only if the share was xyz.

Of course, this is not possible with "force user" or even with
user level security (which I also told him to use, given the
information he supplied).

Actually, I've now checked the code and found that %S is
a standard_sub() substitution, not a standard_sub_basic()
one and so won't work with 'force user' (I may fix that
for 2.0.0).

Unfortunately, he doesn't understand the difference between
user level and share level security, and at this point really
needs someone to go in and just 'do it' for him as I'm not
sure he understands the man pages. I don't really have time to
do that right now, but you're more than welcome if you want to
take his problem on (but isn't that what people pay Samba 
consultants for ? :-).



Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list