Accounts for Samba and Linux

Lars Kneschke lk at NetUSE.DE
Thu Jan 20 08:53:53 GMT 2000


Jens Wiesecke wrote:
> 
> Hi,
> 
> I just started to build up a Samba-Server running under Linux (RH 6.1).
> At the end I want to establish the Samba-Server as
> BackupDomainController or PrimaryDomainContrioller of a NT 4.0 Domain.
> In this context some security questions came up. They claimed that
> _every_  NT-account must also have an Linux-account and this would open
> up some security holes in the NT-domain. 
Why?

> Is it true that every
> Samba-user needs an Linux-account ?
Yes. You need the unixaccounts to check the userrights on the
filesystem on the server.

> Note:
> I don't think that an additional Linux-Account would open extra security
> problems. I would just set /dev/none as default shell (and would have no
> mail-, http-, telnet-, ftp- etc. server running).
Yes. You can set /bin/false as login-shell and you can lock the
account in the shadow passwordfile. Don't know how this could be
unsecure.

Cu
-- 
Lars Kneschke
NetUSE Kommunikationstechnologie GmbH
Siemenswall, D-24107 Kiel, Germany
Fon: +49 431 386435 00  --  Fax: +49 431 386435 99


More information about the samba-ntdom mailing list