Does a samba user must be a linux user ?

[Alexander Bokovoy]

On ti, 20 joulu 2016, Rowland Penny wrote:
> On Tue, 20 Dec 2016 12:22:49 +0000
> Fengwei <feng.wei at h3c.com> wrote:
> 
> > 
> > Hi all:
> > Thanks for your attention. I have a question about samba user.
> > I use the cmd ‘smbpasswd -a’ to add a samba user, it said that should
> > add a linux user before add it to samba, Does a samba user must be a
> > linux user ?
> > 
> 
> It all depends on how Samba is set up. On a standalone server, the
> Samba user must also be a Unix user or it will not be known to the
> underlying OS.
> On an AD domain member, the user must not be a local Unix user.
I think your answer is more confusing than not, Rowland. ;)

Samba processes run under POSIX user accounts on POSIX systems. If you
connect to the Samba server over SMB protocol, once you have
authenticated and authorized, Samba needs to establish which POSIX ID
will it switch to for the actual smbd process to be able to access files
under the identity of the authenticated user.

At this point the POSIX ID is something your underlying operating system
must know about. On many systems there is an interface in their libc
that allows to specify where the IDs are coming from with the help of
plugins the libc is loading into each user space process that performs
requests like getpwnam(), getpwuid(), getgrnam(), and others. On Linux
with glibc this pluggable interface is configured via
/etc/nsswitch.conf file.

So, yes, for each incoming SMB identity Samba needs to have a
corresponding POSIX ID available on the system. *How* that POSIX ID
comes in is less important here -- it can be something in /etc/passwd or
provided via some nss module -- they all still be POSIX IDs.

Same applies to the primary group of the SMB user in question -- Samba
needs to be able to map the primary group to the corresponding POSIX
group ID.

-- 
/ Alexander Bokovoy