User permissions - nil authorised users

I am a bit surprised by the behaviour of Samba user permissions (security = user) - although in fact it produces exactly what I want! Can I confirm it is correct, and ask one question?

I have one class of shares (private) which I want only specified users to access. And another class which I want everyone to be able to access (public) but with a common password protection for some element of security from visitors on the lan with laptops etc.

The private shares work fine, as expected with Samba users matching Windows users.
What surprised me was that by omitting any authorised users for the public shares it allows (as I wanted it, but not as I expected it) anyone on the lan to access the public shares by entering a single authorised user name and password (I set up a general user and password in Samba for this purpose). I did not set up guest accounts.

I had thought that user security needed to match the users actual user name and password in windows. So I was surprised by this behaviour.

My question therefore is: is this a valid way to achieve what I want? And as a follow up, is there a way to require revalidation (this option does not seem to be accepted).
Thanks
Denys

Hi,

On Wed, Sep 3, 2008 at 4:37 PM, dfirth <denys.firth@...> wrote:
>
> I had thought that user security needed to match the users actual user name
> and password in windows. So I was surprised by this behaviour.

This is not correct. security = user only means that users
authenticate themselves by providing a username/password that matches
a username/password in the *Samba* user database.

By default, Windows uses the currently logged in user to authenticate
against samba, that's why you can seamlessly connect to samba shares
if the windows user/password happens to match a user/password
combination in Samba's user database.

However, you can just as well specify any other username/password to
connect with, independent of the currently logged in Windows user.

HTH,
Richard
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

OK
Thanks.
But I note that when trying to access shares that have authorised users, windows either gives you no option to enter a user ("not accessible"), or if it does, it will not accept a username and password that matches one of the authorised users.

Richard Foltyn wrote:

Hi,

On Wed, Sep 3, 2008 at 4:37 PM, dfirth <denys.firth@gmail.com> wrote:
>
> I had thought that user security needed to match the users actual user name
> and password in windows. So I was surprised by this behaviour.

This is not correct. security = user only means that users
authenticate themselves by providing a username/password that matches
a username/password in the *Samba* user database.

By default, Windows uses the currently logged in user to authenticate
against samba, that's why you can seamlessly connect to samba shares
if the windows user/password happens to match a user/password
combination in Samba's user database.

However, you can just as well specify any other username/password to
connect with, independent of the currently logged in Windows user.

HTH,
Richard
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba