| 1 | <samba:parameter name="username"
|
|---|
| 2 | context="S"
|
|---|
| 3 | type="string"
|
|---|
| 4 | xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 5 | <synonym>user</synonym>
|
|---|
| 6 | <synonym>users</synonym>
|
|---|
| 7 | <description>
|
|---|
| 8 | <para>Multiple users may be specified in a comma-delimited
|
|---|
| 9 | list, in which case the supplied password will be tested against
|
|---|
| 10 | each username in turn (left to right).</para>
|
|---|
| 11 |
|
|---|
| 12 | <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when
|
|---|
| 13 | the PC is unable to supply its own username. This is the case
|
|---|
| 14 | for the COREPLUS protocol or where your users have different WfWg
|
|---|
| 15 | usernames to UNIX usernames. In both these cases you may also be
|
|---|
| 16 | better using the \\server\share%user syntax instead.</para>
|
|---|
| 17 |
|
|---|
| 18 | <para>The <parameter moreinfo="none">username</parameter> line is not a great
|
|---|
| 19 | solution in many cases as it means Samba will try to validate
|
|---|
| 20 | the supplied password against each of the usernames in the
|
|---|
| 21 | <parameter moreinfo="none">username</parameter> line in turn. This is slow and
|
|---|
| 22 | a bad idea for lots of users in case of duplicate passwords.
|
|---|
| 23 | You may get timeouts or security breaches using this parameter
|
|---|
| 24 | unwisely.</para>
|
|---|
| 25 |
|
|---|
| 26 | <para>Samba relies on the underlying UNIX security. This
|
|---|
| 27 | parameter does not restrict who can login, it just offers hints
|
|---|
| 28 | to the Samba server as to what usernames might correspond to the
|
|---|
| 29 | supplied password. Users can login as whoever they please and
|
|---|
| 30 | they will be able to do no more damage than if they started a
|
|---|
| 31 | telnet session. The daemon runs as the user that they log in as,
|
|---|
| 32 | so they cannot do anything that user cannot do.</para>
|
|---|
| 33 |
|
|---|
| 34 | <para>To restrict a service to a particular set of users you
|
|---|
| 35 | can use the <smbconfoption name="valid users"/> parameter.</para>
|
|---|
| 36 |
|
|---|
| 37 | <para>If any of the usernames begin with a '@' then the name
|
|---|
| 38 | will be looked up first in the NIS netgroups list (if Samba
|
|---|
| 39 | is compiled with netgroup support), followed by a lookup in
|
|---|
| 40 | the UNIX groups database and will expand to a list of all users
|
|---|
| 41 | in the group of that name.</para>
|
|---|
| 42 |
|
|---|
| 43 | <para>If any of the usernames begin with a '+' then the name
|
|---|
| 44 | will be looked up only in the UNIX groups database and will
|
|---|
| 45 | expand to a list of all users in the group of that name.</para>
|
|---|
| 46 |
|
|---|
| 47 | <para>If any of the usernames begin with a '&' then the name
|
|---|
| 48 | will be looked up only in the NIS netgroups database (if Samba
|
|---|
| 49 | is compiled with netgroup support) and will expand to a list
|
|---|
| 50 | of all users in the netgroup group of that name.</para>
|
|---|
| 51 |
|
|---|
| 52 | <para>Note that searching though a groups database can take
|
|---|
| 53 | quite some time, and some clients may time out during the
|
|---|
| 54 | search.</para>
|
|---|
| 55 |
|
|---|
| 56 | <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
|
|---|
| 57 | USERNAME/PASSWORD VALIDATION</link> for more information on how
|
|---|
| 58 | this parameter determines access to the services.</para>
|
|---|
| 59 | </description>
|
|---|
| 60 |
|
|---|
| 61 | <value type="default"><comment>The guest account if a guest service,
|
|---|
| 62 | else <empty string>.</comment></value>
|
|---|
| 63 |
|
|---|
| 64 | <value type="example">fred, mary, jack, jane, @users, @pcgroup</value>
|
|---|
| 65 | </samba:parameter>
|
|---|
