[Samba] [Nearly Resolved] Samba-3 by Example, Ex 2.4

Sun May 8 05:02:46 GMT 2005

On Saturday 07 May 2005 20:18, Eric Hines wrote:
> OK, now I'm confused.
>
> The man page on smb.conf (version 3.0.14a) says that %S is the service
> name.  You're saying that the meaning of the macro has evolved to
> (DOMAIN|SERVER)\username.  If this means that %S is
> (DOMAIN|SERVER)\service, then I can see that service name and username
> would rarely match, and so %S would fail (so why would it work in a
> domain?)  But if it really is (DOMAIN|SERVER)\username, then why does it
> fail at all?  Is this the slightly more restricted use to which you alluded
> below?  Or is the deduction of the user name from the service to run down
> the list of valid users/groups to find a match with the user name/group
> that was used for the login to the share?
>
> Obviously I'm still missing something....

My fault. 

The user name string is no longer just the user login ID but now in many 
places includes the domain or server name as I mentioned. %S is the service 
name. In the case of the homes meta-service the service name (share name) and 
the user name should be the same.

It is no longer possible to use the %S macro as a valid user parameter.
The alternative means of access control on a share includes:
	1. Share ACLs (set using the NT4 Domain Server Manager or using the
		Windows XP Pro MMC Computer Managment tool)
	2. Directory access controls using either UGO (user,group,other) or ACLs.

- John T.

>
> Eric Hines
>
> At 05/07/05 20:06, you wrote:
> >On Saturday 07 May 2005 19:00, Eric Hines wrote:
> > > I'm looking forward to your book.
> > >
> > > Since %S now means DOMAIN/username, then won't it also now fail in any
> > > standalone server config since there's no domain to interpret in a
> > > standalone?
> >
> >In the case of a stand alone server this becomes SERVER\username.
> >
> >- John T.
> >
> > > At 05/07/05 19:24, you wrote:
> > > >On Saturday 07 May 2005 17:39, Eric Hines wrote:
> > > > > John,
> > > > >
> > > > > I'm running Samba 3.0.14a on an FC3 machine, and I'm working from
> > > > > the printed 2004 edition of your book (when is your updated version
> > > > > coming out?  470 pages of pdf is a lot to print out, and being the
> > > > > throwback that I am, I'm much more comfortable with a book than
> > > > > with reading from a computer monitor).
> > > >
> > > >It will be about 480 pages all done, up from 367 pages. A lot has
> > > > changed. It has taken me 6 weeks full time work.
> > > >
> > > > > I went through the WHATSNEW.txt with this version, but all that
> > > > > said was that the %S bug was fixed after 3.0.0.  I notice, though,
> > > > > that in your updated example [files] does not have valid users
> > > > > listed in any guise, although in many (most?) of the later examples
> > > > > in your updated book, you still use %S quite freely in the valid
> > > > > users field.
> > > >
> > > >Ah, but the interpretation of the %S macro changed during the 3.0.x
> > > > life from 'username' to 'DOMAIN\username'. Additionally, some macros
> > > > (like %S) now have slightly more restricted use. It is better to
> > > > avoid use of %S if possible. The only use that is safe is in the
> > > > homes meta-service. It will fail almost everywhere else because the
> > > > user name and the service (share name) will not match.
> > > >
> > > >- John T.
> >
> ><snip>
>
> Out of the argument with ourselves comes poetry, out of the argument with
> others comes politics.
>          --Yeats

-- 
John H Terpstra,
Clerk of Session
Christ Presbyerian Church (OPC)
Salt Lake City, Utah.
Phone: (801) 936-1367
Cell:  (650) 580-8668