[Samba] Avoiding local unix accounts with "force user". Is that possible?
Andrei Nazarenko
a.nazarenko at gmail.com
Mon Sep 11 17:50:21 GMT 2006
Hello all,
I am using Samba as a file server with LDAP authentication.
Here is my samba.conf file:

[global]
    server string = Samba
    map to guest = Bad User
    guest account = nobody
    workgroup = OAAD
    realm = OA.PNRAD.NET
    security = ADS

[fileshare]
    path = /srv/shared
    valid users = user1, user2, user3
    write list = user1, user2, user3
    force user = samba
    force group = samba
    create mask = 0660
    directory mask = 0770
    browseable = No

Essentially, all the users like "user1", "user2", "user3" authenticate
via the LDAP server, so no local user accounts database (like smbpasswd)
is needed. I also want all the authenticated users to become just
*one* actual unix user "samba" after successful authentication, so
that all files have the same ownership, hence the "force user / force
group" directives.

The above configuration works well for me, however, I still must have
Unix accounts user1, user2, etc., present in /etc/passwd, /etc/group
and /etc/shadow files for this configuration to work.

So my question is, basically, about getting rid of those local Unix
accounts. Is that possible somehow? I simply would like to have just
one local Unix user account "samba" belonging to the Unix group
"samba" and no other user accounts.

It is a tedious task to create (and especially manage!) Unix user
accounts if they are replaced at the end of the login procedure with a
common account anyway.

--
Regards,
Andrei Nazarenko
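
An added example, not part of the original post: a Python check for the dependency the message describes, namely that the names in "valid users" still have to resolve to Unix accounts even though "force user" replaces them after login. The sample configuration is constructed from the post's share, and the function names are hypothetical.

```python
import pwd

# Constructed sample, modelled on the [fileshare] section in the post above.
SAMPLE_CONF = """\
[global]
security = ADS

[fileshare]
path = /srv/shared
valid users = user1, user2, user3
force user = samba
force group = samba
"""

def parse_shares(text):
    """Parse smb.conf-style text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def local_account_exists(name):
    """True if the name resolves through NSS (files, LDAP, winbind, ...)."""
    try:
        pwd.getpwnam(name)
        return True
    except KeyError:
        return False

def audit_forced_shares(text, exists=local_account_exists):
    """Per share using 'force user': which 'valid users' lack a Unix account."""
    report = {}
    for share, opts in parse_shares(text).items():
        if share == "global" or "force user" not in opts:
            continue
        names = opts.get("valid users", "").replace(",", " ").split()
        users = [n for n in names if n[0] not in "@+&"]  # skip group entries
        report[share] = {
            "force user resolves": exists(opts["force user"]),
            "unresolved": [u for u in users if not exists(u)],
        }
    return report

if __name__ == "__main__":
    print(audit_forced_shares(SAMPLE_CONF))
```

Because the lookup goes through getpwnam, an account supplied by an NSS backend counts as present even when it has no entry in /etc/passwd.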