samba not logging windows user names
slitt at troubleshooters.com
Tue Nov 23 15:55:33 GMT 1999
Thread continues at bottom...
At 08:17 PM 11/23/1999 +1100, Ronald Derksen wrote:
>Steve Litt wrote:
>> At 07:26 PM 11/22/1999 +1100, Ronald Derksen wrote:
>> >I also tried logging to a file which contains '%U' but this give me very
>> >often the 'guest' name in the logfile while guest access is denied.
>> >Ronald Derksen
>> Ronald -- the listing of "guest" as %U is not at all my experience. My
>> experience is %U is the username on the windows box or the -U arg of
>> smbclient, irrespective of any guesting issues. Either I've spaced out or
>> you've discovered a very interesting anomoly. Can you reproduce this
>> behavior with a tiny smb.conf?
>root at lycosa # cat ../lib/smb.conf
> netbios name = cwnl-lycosa
> workgroup = CWNL-LAB
> guest account = pcguest
> log file = /usr/local/samba/log/log.%U
> debug level = 1
> encrypt passwords = yes
> password server = cweu-users-pdc
> security = server
> username map = /usr/local/samba/lib/username.map
> lock directory = /usr/local/samba/locks
> dead time = 1
> path = /tmp
> guest ok = no
> valid users = ronaldd
> force user = test1
>root at lycosa # ls -l /usr/local/samba/log
>-rw-r--r-- 1 root system 0 Mar 14 22:21 log.
>-rw-r--r-- 1 root system 0 Mar 14 22:21 log.cwnl-ronaldd
>-rw-r--r-- 1 root system 116 Mar 14 22:21 log.pcguest
>root at lycosa # cat /usr/local/samba/log/log.pcguest
>2000/03/14 22:21:43 cwnl-c1683 (172.16.27.85) connect to service temp as
>user test1 (uid=3310,gid=1430) (pid 28476)
>root at lycosa #
>The "connect to service" line only appears in the logfile "log.pcguest".
>This happens when connect via "START -> RUN -> open: \\cwnl-lycosa" and
>select share temp ( and browse network neigborhood ). This is the
>behaviour of most of our users because there are too many shares that
>are not always needed. When I do a "map network drive" the "connect to
>service" line only appears in the logfile "log.cwnl-ronaldd".
>Some interesting note I just found out: The "closed connection to
>service" line comes in the file "log.cwnl-ronaldd" when browsing.
Ronald -- the plot thickens.
My results were:
[root at mainserv samba]# ls log
log. log.ronaldd log.test1
[root at mainserv samba]# ls -ldF log/*
-rw-r--r-- 1 root root 282 Nov 23 05:51 log/log.
-rw-r--r-- 1 root root 379 Nov 23 05:51 log/log.ronaldd
-rw-r--r-- 1 root root 198 Nov 23 05:51 log/log.test1
[root at mainserv samba]#
I created your smb.conf, and your users I ran the tests from smbclient, as
I didn't want to take 5 minutes to reboot my machine. Also, not having your
authentication server, and not having a PDC handy, I needed to comment out
your password server=. Probably more significantly, I didn't have your
username map= file, so I commented that out.
We can exploit the differences now. First step, send me your username map
file (or a subset sufficient to this anomoly). One thing. Are you
absolutely, positively certain you didn't accidentally access [temp] as
More information about the samba