[Samba] Samba w/o local users on Samba server?

[Matt Morgan]

On 6/6/05, Matt Morgan <minxmertzmomo at gmail.com> wrote:
> On 6/6/05, Robert Schuettler <rober at cis.fu-berlin.de> wrote:
> > Hi everyone,
> >
> > is it possible to have a Samba server without creating local accounts
> > for users on that server?
> >
> > Share level security doesn't count though. ;-) The idea is not to need
> > to create and update users on the Samba server itself (i.e. no local
> > users, no entries in /etc/passwd, etc).
> >
> > The documentation says something about  Domain and ADS level security
> > being basically just forms of user level security, so - for the moment-
> > it looks to me as if there's no way around creating those local users.
> > Is that correct?
> 
> Not quite, but you can save a few steps if you have some easy &
> dynamic way to create & maintain the local users.
> 
> We do linux auth against ADS with a combination of winbind, kerberos,
> pam_mkhomedir (to auto make the home dir), and pam_mount (to
> mount/unmount the shares automatically without the user needing root
> access, and no prior modifications to fstab). With that we have what
> you want, but it was pretty hard to set up. (I didn't do it--it was
> our genius network admin doing a ton of reading and a lot of trial and
> error. But we're not the only ones who've done it.)

Oh, I just read John Terpstra's response and realize that the OP was
asking about servers. I, of course, described how we do it for clients
(linux desktops on an ADS network). So, don't take my advice in this
case! (but pam_mkhomedir and pam_mount are really, really cool).