Re the "username =" option of smb.conf.

If you use a user.account without a password, strange things will
happen. You may (or may not) be asked to supply a password anyway.
Whether or not you are asked to supply a password seems to depend upon
the length of the user.account string. If you are asked, you must supply
at least 2 blanks, at which point you shrug your shoulders and assume it
is just a quirk and all is OK. Wrong. If you are trying to connect to an
MPE group, you will probably have difficulty creating files. If you are
trying to connect to an HFS directory (that has been chmod 777), you
will probably be able to create files, but general permission problems
will likely occur leading to considerable confusion. So what is going
on?

It appears that even though you use the "username =" option, if there is
no password you are attached as the GUEST user (this even though
specifying "guest ok = no"). Files that are created get the guest user
ID as owner. If the username has a password, then it appears the owner
of created files is either the user.account or the user the smbmon job
is running under. And this depends upon the capabilities of the user
specified in "username=".

Does anyone know if there is a complete explanation of
security/permissions for Samba on MPE?

If you made it this far, you may be asking why I want to use the
"username =" option with a user.account that has no password - seems to
violate good security principles. You would be right, it does. However,
I have 10-20 users that will be accessing three HP3000s through Samba
and they all have NT Workstation - which means in order to use
passwords, I have to do a register hack on 10-20 machines to enable
unencrypted passwords. Not a pretty prospect.

John Burke
e-mail: [log in to unmask]