[Samba] ADS and local user account authentication

[alan.cl.wong at nokia.com]

Hi,

	I have a problem which I've been searching the Internet for a
day and still can't resolve.

Basically we have our Samba server joined to our ADS but we have a need
to have local user accounts on the Samba server authenticated also
because we cannot have them in the ADS. All required workstations have
these accounts as local accounts not domain accounts. The question is
how can I do this? I tried to modify the pam.d/login and pam.d/samba and
also playing with the users.map file. Yes the smbpasswd file contains
the correct information.

Pam.d/login and pam.d/samba looks like this (just about):

auth       required     pam_nologin.so
auth       sufficient   pam_smbpass.so nodelay
auth       sufficient   pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

The only thing that seems to work is when prompt for the password to
give "<sambaservername>\<thelocaluser>"

I tried to play with the users.map file to give something like:

Samba\user = user

But Samba then takes it as [domain]\Samba\user at system

Anyone have any ideas how I can get the local accounts in Samba
authentication to work?

Thanks in advance!!!

Cheers,
-Alan