Session username vs. Real username

Anders C. Thorsen anders at
Wed Dec 6 04:36:25 GMT 2000

On Wed, Dec 06, 2000 at 07:55:31AM -0600, Gerald Carter wrote:
> "Anders C. Thorsen" wrote:
> > 
> You questions relate more to Samba's implementation (or a 
> given server implementation) rather than the protocol itself.
> For example, a windows 9x client transmits the username in
> all upper case letters.  This is the session username you
> are referring to.  However, most UNIX usernames are case 
> insensitive and I have never met a sysadmin who didn't 
> follow convention by making usernames in all lower case 
> characters.  Therefore samba does an internal mapping between 
> these two.  Other instances could be traced to the 'force 
> user' parameter.
> Now onto your real question, When browsing, IIRC a Windows 
> box will attempt to browse a server using the username
> and password enter at logon.  As opposed to an anonymous
> connection.  So if this is a valid account on the 
> server, then you are set.  If the account is not valid,
> then you get into guest logons, etc...
> Make sense?

yes. This is somewhat what the source code suggested / traces, etc.

in smbd/reply.c:reply_sesssetup_and_X (samba 2.0.7)
pstring sesssetup_user is given the username (more specific session username?)

and in

the code
"char* username = sam_logon_in_ssb ? samlogon_user : sesssetup_user;"
tells me that samlogon_user should contain a authenticated username if
samlogon_in_ssb is true

which is set in rpc_server/srv_netlog.c:api_net_sam_logon. This seems to
be a variable which only is set when the client is NT.

Is there any way to easy determine if the user is authenticated
all clients?



Anders C. Thorsen
PGP Key:

Only two things are infinite.
The universe and human stupidity.
Although, I am unsure of the former.

Albert Einstein

More information about the samba-technical mailing list