Net help analyzing logfiles: Printer permissions in Domain

Robert Dahlem Robert.Dahlem at frankfurt.netsurf.de
Mon Dec 21 20:03:45 GMT 1998


Marc,

On Mon, 21 Dec 1998 22:46:38 +1100, Marc Haber wrote:

>>Configure "public = yes" and remark "valid users". Try to connect to your 
>>printer share as user asback. If it doesn't work my tip was worthless and you 
>>better forget about it.

>>If it works, you have to investigate further: Remove asback from the "valid 
>>users" list, reboot your client box and try again. If it still works, you have a 
>>security hole. If it doesn't work, your problem is solved.

>- public=yes, valid-users=mh : rejected
>- public=yes, valid-users=mh asback : rejected
>- public=yes, valid-users=commented out : works

>I suspect that samba first checks for a local account. If this
>does not exist, it is mapped to the nobody user, thus the rights
>of the nobody user apply. I think this is broken because in this
>case, the username has been verified by the domain logon.

Looks so. Perhaps you should try to write some comprehensive article on that and 
report to samba-bugs. This has gotten more responsive. [Ugghh! Jeremy, I know I 
owe you a level 10 debug. :-) Lots of none-samba-related topics to get rid of in 
the company]

Hasta la vista,
               Robert

-- 
---------------------------------------------------------------
Robert.Dahlem at frankfurt.netsurf.de
Radio Bornheim - 2:2461/332 at fidonet +49-69-4930830  (ZyX, V34)
                 2:2461/326 at fidonet +49-69-94414444 (ISDN X.75)
---------------------------------------------------------------



More information about the samba mailing list