Session username vs. Real username
Anders C. Thorsen
anders at aae.wisc.edu
Wed Dec 6 04:36:25 GMT 2000
On Wed, Dec 06, 2000 at 07:55:31AM -0600, Gerald Carter wrote:
> "Anders C. Thorsen" wrote:
> You questions relate more to Samba's implementation (or a
> given server implementation) rather than the protocol itself.
> For example, a windows 9x client transmits the username in
> all upper case letters. This is the session username you
> are referring to. However, most UNIX usernames are case
> insensitive and I have never met a sysadmin who didn't
> follow convention by making usernames in all lower case
> characters. Therefore samba does an internal mapping between
> these two. Other instances could be traced to the 'force
> user' parameter.
> Now onto your real question, When browsing, IIRC a Windows
> box will attempt to browse a server using the username
> and password enter at logon. As opposed to an anonymous
> connection. So if this is a valid account on the
> server, then you are set. If the account is not valid,
> then you get into guest logons, etc...
> Make sense?
yes. This is somewhat what the source code suggested / traces, etc.
in smbd/reply.c:reply_sesssetup_and_X (samba 2.0.7)
pstring sesssetup_user is given the username (more specific session username?)
"char* username = sam_logon_in_ssb ? samlogon_user : sesssetup_user;"
tells me that samlogon_user should contain a authenticated username if
samlogon_in_ssb is true
which is set in rpc_server/srv_netlog.c:api_net_sam_logon. This seems to
be a variable which only is set when the client is NT.
Is there any way to easy determine if the user is authenticated
Anders C. Thorsen
PGP Key: http://www.aae.wisc.edu/~anders/anders-pgp.asc
Only two things are infinite.
The universe and human stupidity.
Although, I am unsure of the former.
More information about the samba-technical