HP3000-L Archives

July 2000, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Samba Password Behavior
From:
Michael L Gueterman <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 11 Jul 2000 10:27:39 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (80 lines) 
Tracy wrote:

> I've noticed that for a certain group I have the following:
>   valid users = MANAGER.SYS, XYZ.SYS
>
> Yet in my user.map file I also have the following:
> manager.sys = myself
> xyz.sys = other
>
> Question 1:
> Which takes precedence?

A1: See A2 below :)

>
> Question 2:
> Or do these overlap at all?

A2: They work together.  What happens is "if" there is an entry in
    the user.map file which you match (i.e. You connect to a share
    as Windows user 'myself' in your example), you're connection
    name is changed just as if you originally typed in 'manager.sys'.
    As far as Samba is concerned, your username is now 'manager.sys'.
    All further uses of the username will check against 'manager.sys'.
>
> Question 3 corrollary:
> Or do they conflict?

A3: No, but you have to be aware of what the "effective" MPE user is
    for a given share.  For example, the valid users parameter is trying
    to limit access to a list of valid "windows" users, not MPE users.
    If you didn't have the names mapped correctly in the user.map file,
    you wouldn't gain access to that share.  Don't confuse the 'valid users'
    parameter with the 'username' parameter (the format validates "who"
    is allowed access to the share, while the later supplies a list of
    'potential' users to the password checking mechanism to validate the
    information you entered into the windows connection command).  When
    running under 'share mode' which is the default, no where do you "force"
    the use of a particular MPE user.account, although you can get close.

>
> The other insidious thing in I noticed in WinDoze is
> when you're prompted for a password there's that
> little check box to save it, (it goes into your
> .pwl file.)  So if you change your password on the
> host, the user has to delete his .pwl file and
> build a new one.  (Or make sure he never has the
> box checked, if he misses unchecking it once ....
> same story.)
>

In some earlier incarnations of the Windows password caching mechanism,
if the cached password was invalid you were out of luck and had to
purge the file and start from scratch.  I believe that for a while now,
if the cached password was invalid, windows would toss up the password
dialog box and allow you to enter the new one.  It's been a while since
I looked into this though, so....

> Question 4:
> Is this a bad thing?

A4: Its a POV thing, you tell me :)

  The current version of Samba/iX has over 170 various parameters that can
be set to alter its behavior.  I've not counted the number in the 2.0.3 beta
version that is currently being tested, but I'm positive its larger!  One
of the good (and also bad) things about Samba is its flexibility.  It's
fairly
trivial to get Samba/iX up and running on the 3000.  It can be much harder
to
get it to work with you're particular PC environment (call it 'Job Security'
for those of us that do Samba/iX installs ;).

Regards,
Michael L Gueterman
Easy Does It Technologies
http://www.sambaix.com
voice: 888-858-3348 (EDIT) or 573-368-5478
fax:   573-368-5479

ATOM RSS1 RSS2