samba not logging windows user names

Steve Litt slitt at
Tue Nov 23 15:55:33 GMT 1999

Thread continues at bottom...

At 08:17 PM 11/23/1999 +1100, Ronald Derksen wrote:
>Steve Litt wrote:
>> At 07:26 PM 11/22/1999 +1100, Ronald Derksen wrote:
>> >Hi,
>> [clip]
>> >I also tried logging to a file which contains '%U' but this give me very
>> >often the 'guest' name in the logfile while guest access is denied.
>> [clip]
>> >Ronald Derksen
>> Ronald -- the listing of "guest" as %U is not at all my experience. My
>> experience is %U is the username on the windows box or the -U arg of
>> smbclient, irrespective of any guesting issues. Either I've spaced out or
>> you've discovered a very interesting anomoly. Can you reproduce this
>> behavior with a tiny smb.conf?
>root at lycosa # cat ../lib/smb.conf
>        netbios name    = cwnl-lycosa
>        workgroup = CWNL-LAB
>        guest account = pcguest
>        log file = /usr/local/samba/log/log.%U
>        debug level = 1
>        encrypt passwords = yes
>        password server = cweu-users-pdc
>        security = server
>        username map = /usr/local/samba/lib/
>        lock directory = /usr/local/samba/locks
>	dead time = 1
>        path = /tmp
>        guest ok = no
>        valid users = ronaldd
>        force user = test1
>root at lycosa # ls -l /usr/local/samba/log
>total 8
>-rw-r--r--   1 root     system         0 Mar 14 22:21 log.
>-rw-r--r--   1 root     system         0 Mar 14 22:21 log.cwnl-ronaldd
>-rw-r--r--   1 root     system       116 Mar 14 22:21 log.pcguest
>root at lycosa # cat /usr/local/samba/log/log.pcguest
>2000/03/14 22:21:43 cwnl-c1683 ( connect to service temp as
>user test1 (uid=3310,gid=1430) (pid 28476)
>root at lycosa # 
>The "connect to service" line only appears in the logfile "log.pcguest".
>This happens when connect via "START -> RUN -> open: \\cwnl-lycosa" and
>select share temp ( and browse network neigborhood ). This is the
>behaviour of most of our users because there are too many shares that
>are not always needed. When I do a "map network drive" the "connect to
>service" line only appears in the logfile "log.cwnl-ronaldd".
>Some interesting note I just found out: The "closed connection to
>service" line comes in the file "log.cwnl-ronaldd" when browsing.

Ronald -- the plot thickens.

My results were:

[root at mainserv samba]# ls log
log.  log.ronaldd  log.test1
[root at mainserv samba]# ls -ldF log/*
-rw-r--r--   1 root     root          282 Nov 23 05:51 log/log.
-rw-r--r--   1 root     root          379 Nov 23 05:51 log/log.ronaldd
-rw-r--r--   1 root     root          198 Nov 23 05:51 log/log.test1
[root at mainserv samba]#   

I created your smb.conf, and your users I ran the tests from smbclient, as
I didn't want to take 5 minutes to reboot my machine. Also, not having your
authentication server, and not having a PDC handy, I needed to comment out
your password server=. Probably more significantly, I didn't have your
username map= file, so I commented that out.

We can exploit the differences now. First step, send me your username map
file (or a subset sufficient to this anomoly). One thing. Are you
absolutely, positively certain you didn't accidentally access [temp] as
user pcguest?

Steve Litt

More information about the samba mailing list