Win10 with SMB2_10 or SMB3_11 and problems with 'print command'

Thomas Bork tombork at web.de
Sun Jul 17 21:28:07 UTC 2016 

Am 04.07.2016 um 23:38 schrieb ich:

[...]
> Win10:
> ------
> Ausgehandeltes Protokoll-Level (%R) = NT1
> Vom Client angeforderter Benutzername (%U) = hans-georg kiefer
> Name des effektiven Benutzers (%u) = tanne
>
> Ausgehandeltes Protokoll-Level (%R) = SMB2_10
> Vom Client angeforderter Benutzername (%U) = hans-georg kiefer
> Name des effektiven Benutzers (%u) = nobody
>
> Ausgehandeltes Protokoll-Level (%R) = SMB3_11
> Vom Client angeforderter Benutzername (%U) = hans-georg kiefer
> Name des effektiven Benutzers (%u) = nobody
[...]
> Does anybody know if this a problem in Win10 or in samba?

Can anybody reproduce this?

In the meantime we found out, that the misbehavior (effective user is 
nobody and not the correct linux user) only take place, if Windows 10 is 
not part of an domain.

If the same client is part of an domain (and even if it is not logged on 
to the domain), the effective user is the correct linux user:

Ausgehandeltes Protokoll-Level (%R) = SMB3_11
Vom Client angeforderter Benutzername (%U) = hans-georg kiefer
Name des effektiven Benutzers (%u) = tanne

See also:
http://forum.nettworks.org/index.php?t=msg&th=7327&goto=49206&#msg_49206
http://forum.nettworks.org/index.php?t=msg&th=7327&start=0&
http://forum.nettworks.org/index.php?t=msg&th=7327&prevloaded=1&&start=40

My last test was with samba 4.3.11. This is the smb.conf:

[global]
  dos charset = CP850
  unix charset = UTF-8
  workgroup = TESTDOM
  serverstring =
  interfaces = 127.0.0.1/8 192.168.0.12/255.255.255.0
  bind interfaces only = yes
  hosts allow = 127.0.0. 192.168.0.0/255.255.255.0
  security = user
  password server =
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*Password:* %n\n *Retype*new*password:* %n\n 
*password*updated*
  username map = /etc/user.map
  username level = 2
  unix password sync = yes
  debug level = 0
  max log size = 10000
  nameresolveorder = lmhosts host wins bcast
  time server = yes
  deadtime = 60
  printing = lprng
  printcap name = /etc/printcap
  printcap cache time = 0
  load printers = no
  mangling method = hash2
  domain logons = no
  add user script = /usr/sbin/useradd -m '%u' -c '%u'
  add machine script =
  delete user script =
  add group script = /var/install/bin/add-group '%g'
  delete group script = /var/install/bin/remove-group '%g'
  add user to group script = /usr/sbin/usermod -G '%g' '%u'
  delete user from group script = /usr/sbin/userdel '%g' '%u'
  set primary group script = /var/install/bin/modify-user -g '%u' '%g'
  os level = 0
  preferred master = no
  local master = no
  domain master = no
  wins support = no
  wins hook =
  wins server =
  wins proxy = no
  kernel oplocks = no
  utmp = yes
  message command = /var/install/bin/samba-netbios-mail '%f' '%s'
  admin users = root
  use sendfile = yes
  unix extensions = no
  wide links = yes
  enable core files = no
  max mux = 10000
  dos filemode = yes
  acl group control = yes
  force unknown acl user = yes
  inherit acls = yes
  map acl inherit = yes
  map hidden = no
  map system = no
  map archive = no
  map read only = no
  store dos attributes = yes
  ea support = yes
  oplocks = no
  level2 oplocks = no
  blocking locks = no
  hide files = /desktop.ini/Thumbs.db/
  dos filemode = yes
  passdb backend = tdbsam
  lanman auth = yes
  client lanman auth = yes
  client plaintext auth = yes
  client ntlmv2 auth = no
  require strong key = no
  allow nt4 crypto = yes
  min receivefile size = 16384
  aio read size = 16384
  aio write size = 16384
  acl allow execute always = yes
  print notify backchannel = no
  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE

[homes]
  comment = home directory on testeis
  writeable = yes
  create mode = 0600
  force create mode = 0600
  directory mode= 0700
  force directory mode= 0700
  browseable = no
  valid users = %S root

[all]
  comment = root directory on testeis
  read only = no
  browseable = no
  path = /
  dont descend = proc,sys,dev
  valid users = root
  create mode = 0700
  force create mode = 0700
  directory mode= 0700
  force directory mode= 0700

[public]
  comment = public directory on testeis
  path = /public
  force create mode = 0777
  force directory mode= 0777
  browseable = yes
  writeable = yes

[pr1]
  comment = local parallel printer pr1 on %h
  printing = lprng
  print command = chmod 666 "%s"; jobname=`echo "%J" | sed "s/^.*- //"`; 
if [ -z "$jobname" ]; then jobname="%s"; fi; 
/var/install/bin/lprng-print "%p" "%s" "%U" "%m" "%L" "%I" "%a" "$jobname"
  lpq command = /usr/bin/lpq -P%p -L
  lprm command = /usr/bin/lprm -P%p %j
  lppause command = /usr/sbin/lpc hold %p %j
  lpresume command = /usr/sbin/lpc release %p %j
  queuepause command = /usr/sbin/lpc stop %p
  queueresume command = /usr/sbin/lpc start %p
  printable = yes
  use client driver = yes
  browseable = yes
  create mode = 0700
  path = /var/spool/samba

[pdf]
  comment = pdf-service on %h
  printing = bsd
  use client driver = yes
  browseable = yes
  printable = yes
  path = /var/spool/samba
  lpq command = /var/install/bin/samba-print-pdf status
  print command = ( /var/install/bin/samba-smbinfo-pdf 
"T=%T|d=%d|v=%v|h=%h|L=%L|N=%N|p=%p|R=%R|S=%S|P=%P|U=%U|G=%G|u=%u|g=%g|H=%H|I=%I|M=%M|m=%m|a=%a" 
) &
  create mode = 0700

[print$]
  comment = samba printer drivers on %h
  browseable = yes
  writeable = no
  path = /samba_printer_drivers
  write list = root


The user map file /etc/user.map:

root = "Administrator"
tanne = "Hans-Georg Kiefer"

-- 
der tom

More information about the samba-technical mailing list