The "valid users" parameter already existed in version 3 of the SAMBA and indicated which users were allowed to access the share. The "username" parameter indicated which user should be used when it was not defined at the time of mapping. SMB.CONF [folder] ... username = userX valid users = userX, userY, ... To map the "folder" share, only the following line was needed: net use \\samba-server\folder userX_password Em ter., 20 de out. de 2020 ?s 11:21, Rowland penny via samba < samba at lists.samba.org> escreveu:> On 20/10/2020 15:10, Fernando Gon?alves wrote: > > I'm sorry, but since I'm a SAMBA / Linux developer, I don't know how > > to answer your questions. > > What I can say is that before SAMBA (stand alone) was used in version > > 3.6.6, where the "username" option was used in the sharing settings. > > For example: > > SMB.CONF > > [folder] > > path = ... > > username = userX > > > > Thus, the following line was passed in a DOS script: > > > > net use x: \\samba-server\folder <password> > > > > This way the mapping took place using the user that was defined in the > > parameter "username" (userX). > > > > But now in version 4 (member of an AD domain) this parameter is not > > accepted. > > > 'username' was replaced by 'valid users', so you could try that. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 20/10/2020 15:36, Fernando Gon?alves wrote:> The "valid users" parameter already existed in version 3 of the SAMBA > and indicated which users were allowed to access the share. > > The "username" parameter indicated which user should be used when it > was not defined at the time of mapping. > SMB.CONFNo, 'username' was meant to be used in the same way as 'valid users', but for only one user (and you were also supposed to set 'only user' as well, but that has gone as well). Have you tried setting 'valid users = THE_USERS_NAME' ? Rowland
On 10/20/20 10:50 AM, Rowland penny via samba wrote:> On 20/10/2020 15:36, Fernando Gon?alves wrote: >> The "valid users" parameter already existed in version 3 of the SAMBA >> and indicated which users were allowed to access the share. >> >> The "username" parameter indicated which user should be used when it >> was not defined at the time of mapping. >> SMB.CONF > > No, 'username' was meant to be used in the same way as 'valid users', > but for only one user (and you were also supposed to set 'only user' as > well, but that has gone as well). Have you tried setting 'valid users = > THE_USERS_NAME' ? > > Rowland > >I still have some old Samba VMs for domain migration testing, and checked the documentation of that old parameter: ========== Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right). The deprecated username line is needed only when the PC is unable to supply its own username. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames. In both these cases you may also be better using the \\server\share%user syntax instead. The username line is not a great solution in many cases as it means Samba will try to validate the supplied password against each of the usernames in the username line in turn. This is slow and a bad idea for lots of users in case of duplicate passwords. You may get timeouts or security breaches using this parameter unwisely. Samba relies on the underlying UNIX security. This parameter does not restrict who can login, it just offers hints to the Samba server as to what usernames might correspond to the supplied password. Users can login as whoever they please and they will be able to do no more damage than if they started a telnet session. The daemon runs as the user that they log in as, so they cannot do anything that user cannot do. ========== Looks like there is no workaround, it just tested the user password (standalone servers?) on multiple usernames and select the user that matched. valid users is more to restrict what users can connect to the share, but it doesn't try them all with the password.
I tried to use only one username in the "valid users" parameter but it didn't work. SMB.CONF [folder] ... valid users = userX net use \\ samba-server \ folder userX_password There seems to be no solution for my case. :( Em ter., 20 de out. de 2020 ?s 11:50, Rowland penny via samba < samba at lists.samba.org> escreveu:> On 20/10/2020 15:36, Fernando Gon?alves wrote: > > The "valid users" parameter already existed in version 3 of the SAMBA > > and indicated which users were allowed to access the share. > > > > The "username" parameter indicated which user should be used when it > > was not defined at the time of mapping. > > SMB.CONF > > No, 'username' was meant to be used in the same way as 'valid users', > but for only one user (and you were also supposed to set 'only user' as > well, but that has gone as well). Have you tried setting 'valid users > THE_USERS_NAME' ? > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >