1 <samba:parameter xmlns:samba="http://samba.org/common">
2 <term><anchor id="USERNAME"/>username (S)</term>
3 <listitem><para>Multiple users may be specified in a comma-delimited
4 list, in which case the supplied password will be tested against
5 each username in turn (left to right).</para>
7 <para>The <parameter moreinfo="none">username</parameter> line is needed only when
8 the PC is unable to supply its own username. This is the case
9 for the COREPLUS protocol or where your users have different WfWg
10 usernames to UNIX usernames. In both these cases you may also be
11 better using the \\server\share%user syntax instead.</para>
13 <para>The <parameter moreinfo="none">username</parameter> line is not a great
14 solution in many cases as it means Samba will try to validate
15 the supplied password against each of the usernames in the
16 <parameter moreinfo="none">username</parameter> line in turn. This is slow and
17 a bad idea for lots of users in case of duplicate passwords.
18 You may get timeouts or security breaches using this parameter
21 <para>Samba relies on the underlying UNIX security. This
22 parameter does not restrict who can login, it just offers hints
23 to the Samba server as to what usernames might correspond to the
24 supplied password. Users can login as whoever they please and
25 they will be able to do no more damage than if they started a
26 telnet session. The daemon runs as the user that they log in as,
27 so they cannot do anything that user cannot do.</para>
29 <para>To restrict a service to a particular set of users you
30 can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users
31 </parameter></link> parameter.</para>
33 <para>If any of the usernames begin with a '@' then the name
34 will be looked up first in the NIS netgroups list (if Samba
35 is compiled with netgroup support), followed by a lookup in
36 the UNIX groups database and will expand to a list of all users
37 in the group of that name.</para>
39 <para>If any of the usernames begin with a '+' then the name
40 will be looked up only in the UNIX groups database and will
41 expand to a list of all users in the group of that name.</para>
43 <para>If any of the usernames begin with a '&' then the name
44 will be looked up only in the NIS netgroups database (if Samba
45 is compiled with netgroup support) and will expand to a list
46 of all users in the netgroup group of that name.</para>
48 <para>Note that searching though a groups database can take
49 quite some time, and some clients may time out during the
52 <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT
53 USERNAME/PASSWORD VALIDATION</link> for more information on how
54 this parameter determines access to the services.</para>
56 <para>Default: <command moreinfo="none">The guest account if a guest service,
57 else <empty string>.</command></para>
59 <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane,
60 @users, @pcgroup</command></para>