[Samba] Newbie Authentication Questions

Jeremy Allison jra at samba.org
Thu Oct 9 05:24:04 GMT 2003

On Wed, Oct 08, 2003 at 11:11:45PM -0400, Bill Robinson wrote:
> Well - the begining of that section says:
> "Samba-3 does not support Non-UNIX Account (NUA) operation for user accounts. 
> Samba-3 does support NUA operation for machine accounts."  
> So I guess that's possibly half of my problem solved.  
> I gather that even w/ tdbsam, mysqlsam or xmlsam the /etc/passwd entries are 
> still required for user accounts, but it seems that xmlsam is not a functional 
> backend.  
> So it seems that the only way to do away w/ having Samba accts (users, 
> machines) in /etc/passwd is to use ldap authentication for both Samba as well 
> as the OS itself.  Maybe I'm missing something?  
> Basically what I'm looking for is a way to have a unix box provide the NT 
> Domain service to a group (uh domain) of NT/2k servers, but have all the 
> authenticaton/accts/etc be compeletly self-contained in that service, and have 
> no correlation to the OS authentication/accts/etc - which is guess is the NUA 
> capability. 
> So maybe my question should be when will NUA be ready?

Hopefully never :-). NUA is a silly idea (IMHO) and I've
yet to be convinced of the use of it.

Look into "winbind enable local accounts", as it allows
winbindd to manage unix user accounts on your behalf, and
doesn't require a set of "imaginary" accounts that UNIX
knows nothing about.


More information about the samba mailing list