[Samba] samba password server without Unix users?

Dominique Petitpierre Dominique.Petitpierre at adm.unige.ch
Fri Jan 28 16:20:33 GMT 2005


I am setting up a samba server that will be used only for
password checking. It is configured with the ldapsam backend.

- is there a way to configure samba to not check the existence of
users on the underlying Unix OS?

I mean, the search performed in the LDAP server provides all the
useful passwd information that is available with getpwnam(), namely:
uid uidNumber gidNumber homeDirectory.  The existence of a
corresponding Unix user is only important on the client samba servers
that will provide data (shares, home, etc).

Here is the LDAP search performed by samba when checking a password:

  SRCH base="dc=unige,dc=ch" \
       scope=2 \
       filter="(&(uid=test)(objectClass=sambaSamAccount))" \
       attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet \
              sambaPwdCanChange sambaPwdMustChange sambaLogonTime \
              sambaLogoffTime sambaKickoffTime cn displayName \
              sambaHomeDrive sambaHomePath sambaLogonScript \
              sambaProfilePath description sambaUserWorkstations \
              sambaSID sambaPrimaryGroupSID sambaLMPassword \
              sambaNTPassword sambaDomainName objectClass \
              sambaAcctFlags sambamungeddial sambabadpasswordcount \
              sambabadpasswordtime sambapasswordhistory \
              modifyTimestamp sambalogonhours modifyTimestamp"

To make the password checking work, I had to configure nss_ldap, which
causes the following LDAP search:

  SRCH base="dc=unige,dc=ch" \
       scope=2 \
       filter="(&(objectClass=posixAccount)(uid=test))" \
       attrs="uid userPassword uidNumber gidNumber cn homeDirectory \
              loginShell gecos description objectClass"

If nss_ldap is not configured, samba complains with the debug message:
   User test in passdb, but getpwnam() fails!

It would be nice to avoid that useless secondary LDAP search
(and the trouble of configuring nss_ldap).

Best regards,

Mr Dominique Petitpierre       Email: User at Domain
Division Informatique                 User=Dominique.Petitpierre
University of Geneva                  Domain=adm.unige.ch
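
The two searches quoted in the message can be compared mechanically. The following is an added example, not part of the original post and not Samba or nss_ldap code: it unfolds the backslash-continued SRCH entries and maps the requested attributes to the `struct passwd` fields that `getpwnam()` fills, using the RFC 2307 attribute mapping. The sample entries are constructed from the message with the Samba attribute list shortened, and all function names are hypothetical.

```python
import re

# RFC 2307 attribute (lower-cased) -> struct passwd field filled by getpwnam()
PASSWD_FIELDS = {
    "uid": "pw_name", "userpassword": "pw_passwd", "uidnumber": "pw_uid",
    "gidnumber": "pw_gid", "gecos": "pw_gecos", "homedirectory": "pw_dir",
    "loginshell": "pw_shell",
}

# Constructed sample input based on the message; Samba attribute list shortened.
SAMBA_SRCH = r'''SRCH base="dc=unige,dc=ch" \
     scope=2 \
     filter="(&(uid=test)(objectClass=sambaSamAccount))" \
     attrs="uid uidNumber gidNumber homeDirectory sambaSID \
            sambaNTPassword sambaAcctFlags"'''
# First line deliberately left without a continuation backslash (edge case).
NSS_SRCH = r'''SRCH base="dc=unige,dc=ch"
     scope=2 \
     filter="(&(objectClass=posixAccount)(uid=test))" \
     attrs="uid userPassword uidNumber gidNumber cn homeDirectory \
            loginShell gecos description objectClass"'''

def parse_srch(entry):
    """Unfold a folded SRCH entry and return its key=value fields as a dict."""
    # Join continuation lines; tolerate a missing trailing backslash.
    flat = re.sub(r"\s*\\?\s*\n\s*", " ", entry)
    fields = {}
    # Quoted values are consumed whole, so "uid=test" inside the filter
    # is not mistaken for a separate field.
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', flat):
        fields[key] = quoted if quoted else bare
    fields["attrs"] = fields.get("attrs", "").split()
    return fields

def passwd_coverage(entry):
    """Return the passwd fields the requested attributes can populate."""
    attrs = (a.lower() for a in parse_srch(entry)["attrs"])  # LDAP names are case-insensitive
    return {PASSWD_FIELDS[a] for a in attrs if a in PASSWD_FIELDS}

def compare(samba_entry, nss_entry):
    """Split passwd fields into those both searches cover and those only NSS asks for."""
    samba, nss = passwd_coverage(samba_entry), passwd_coverage(nss_entry)
    return {"shared": sorted(samba & nss), "nss_only": sorted(nss - samba)}

if __name__ == "__main__":
    print(compare(SAMBA_SRCH, NSS_SRCH))
```

Of the two searches, only the posixAccount one requests `userPassword`, `loginShell` and `gecos`; the four attributes named in the message are requested by both.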
