managing users from smbpasswd rather than /etc/passwd

Andrej Borsenkow borsenkow.msk at sni.de
Thu Sep 24 07:30:11 GMT 1998 

Authentication with server does not require you to have Unix account. If it
exists, smbd will run as such user. If not, smbd will run as guest user
(defaults to nobody). the same applies to NT domain support in current
samba-2 alpha.

Home shares is no problem using standard substitutions.

What is *really* tricky, is access control. It is no more possible to manage
access rights to single file. The only thing you can do, is to restrict
access to share using config file includes/substitutions. This is very
tedious - so far there is no access to NT groups (not in samba-2 as well),
so you will have to list every user - hardly acceptable.

There are plans to support "userless" samba server with true NT domain
security model, I cannot even imagine when it can be released.

Probably your best bet is to use some tool to sync NT users with Unix. There
were plenty discussed here; even Microsoft provides some.

/Andrej

> -----Original Message-----
> From: samba at samba.anu.edu.au [mailto:samba at samba.anu.edu.au]On Behalf Of
> Tony Nugent
> Sent: Wednesday, September 23, 1998 6:02 AM
> To: Multiple recipients of list
> Subject: managing users from smbpasswd rather than /etc/passwd
>
>
> I have samba installed on a web server (behind a firewall).  It's working
> fine with all the WINS networking here (eg, password authentication from
> the NT servers, etc).
>
> I (we) want this web server - a linux redhat 5.x box currently running
> samba-1.9.18p8 - to have as few actual unix login accounts as possible.
>
> What I want/need to do is to allow LOTS of people in the faculty here
> "network neighbourhood" read/write access on this machine for the purpose
> of managing:
>
> (1) their own home web page
> (2) unit/subject areas (which more than one person may need to have write
>     access to)
> (3) specific subject/unit areas in /home/ftp
>
> I would much rather do this without touching /etc/passwd at all.
>
> So, my question is...
>
> Is it possible to specify user/group IDs and home directories for samba to
> use for specific (NT-server authenticated) users from the smbpasswd file
> alone?
>
> Or am I restricted to using /etc/passwd for this sort of management, with
> disabled unix login password fields and /bin/false as a login shell for
> these users?
>
> Cheers                                                         .
> Tony  __________  Tony Nugent            >> - Linux -  <<  _--_|\
>  / / / / __/ __ \ linux at usq.edu.au       >> UNIX power << /     *\
> / /_/ /\ \/ /_/ / Tony.Nugent at usq.edu.au >>  on a pc!  << \_.--._/
> \____/___/\___\_\ UNIX Systems Officer, Faculty of Science      v
>  University of Southern Queensland, Toowoomba Oueensland Australia
> -=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-=*#*=-
>
>

More information about the samba mailing list