managing users from smbpasswd rather than /etc/passwd

Frank Berger berger at hpbbn.bbn.hp.com
Thu Sep 24 08:37:03 GMT 1998


On Thu, 24 Sep 1998 samba at samba.anu.edu.au wrote:

Hello,

I have basically the same problem, and would like to know if there is a
solution...

> >From my experience, Samba needs a login to exist in /etc/passwd in order to be
> possible to have it in smbpasswd. The Unix password in /etc/passwd (or shadow)
> is irrelevant, though. You might even make all Samba users un-loginnable,
> shell-wise (by assigning then bogus passwords).

My Problem is: I'm not allowed to add ANY account to /etc/passwd...
(basically nobody around is... we have to request them...) 

another Problem is: The guy who administrates the 'Publishing-shares'
won't be allowed to fiddle arround in any root-owend files, so he/she
would have to call somebody to add an account (of a type which is not of
any known procedure (it is hard to get a login with a home diffrent from 
/home/$USER, you can imagine what they would say if a want to have a 
disabled user, with no password at all AND no home..))

> It should be a simple matter to write administrative shell scripts that create
> a user both in /etc/passwd and /usr/blahblah/samba/blahblah/smbpasswd, then
> run the smbpasswd program to assign the proper Samba password.

The solution I would like to have is: I'm already doing a forceuser to a
dummy user in each shareconfig, Authentification for the share would be
normal NT-Domain logons and passwords (so I would ask a PDC or BDC if the
requesting user is giving the correct password)...

so a solution would be that samba is honouring the user in the ForceUser
tag as the 'working' User, combined with configured restrictions for
accessing the share in mind. (without trying to find a lokal User with the
same name as the Domain\User)
or
it should be possible to have a 'fake' passwd for samba, so it doesn't
look into /etc/passwd but into /etc/smbpasswd, shouldn't it?

Regards, 
	Frank Berger

    --------------------------------------------------------------------
    | Frank Berger              | E-Mail  : berger at isoit235.bbn.hp.com |
    | (ASE-WWW)                 | Phone   : (49)7031 626 1203          |
    | Hewlett Packard GmbH      |           [telnet] 702 1203          |
    | Boeblingen, Germany       | Location: Bldg. A1 Lev.4 C2          |
    --------------------------------------------------------------------
    |  seen on a white board   \  if (you.canRead(this))               |
    |  during a Java conference \     you.canGet(new job(!problem));   |
    --------------------------------------------------------------------



More information about the samba mailing list