[Samba] Avoiding local unix accounts with "force user". Is that possible?

Andrei Nazarenko a.nazarenko at gmail.com
Mon Sep 11 17:50:21 GMT 2006

Hello all,

I am using Samba as a file server with LDAP authentication.
Here is my samba.conf file:

        server string = Samba
        map to guest = Bad User
        guest account = nobody
        workgroup = OAAD
        realm = OA.PNRAD.NET
        security = ADS

        path = /srv/shared
        valid users = user1, user2, user3
        write list = user1, user2, user3
        force user = samba
        force group = samba
        create mask = 0660
        directory mask = 0770
        browseable = No

Essentially, all the users like "user1", "user2", "user3" authenticate
via the LDAP server, so no local user account database (like smbpasswd)
is needed. I also want all the authenticated users to become just
*one* actual unix user "samba" after successful authentication, so
that all files have the same ownership, hence the "force user / force
group" directives.

The above configuration works well for me, however, I still must have
Unix accounts user1, user2, etc., present in /etc/passwd, /etc/group
and /etc/shadow files for this configuration to work.

So my question is, basically, about getting rid of those local Unix
accounts. Is that possible somehow? I simply would like to have just
one local Unix user account "samba" belonging to the Unix group
"samba" and no other user accounts.

It is a tedious task to create (and especially manage!) Unix user
accounts if they are replaced at the end of the login procedure with a
common account anyway.


Andrei Nazarenko
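
An audit sketch for the setup described in the message above, added here as an example and not part of the original post: for every share that sets "force user", it reports whether the forced account exists and which "valid users" entries have no entry in a passwd-format listing. The section names [global] and [shared], the passwd entries and the function names are assumptions made for the example.

```python
import re

# Constructed sample: options from the post, with assumed section names.
SMB_CONF = """\
[global]
        security = ADS
[shared]
        path = /srv/shared
        valid users = user1, user2, user3
        force user = samba
        force group = samba
"""

# Constructed passwd-format listing; user3 is deliberately absent.
PASSWD = """\
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
samba:x:1001:1001::/srv/shared:/usr/sbin/nologin
user1:x:1002:1002::/home/user1:/bin/sh
user2:x:1003:1003::/home/user2:/bin/sh
"""

def parse_smb_conf(text):
    """Return {section: {option: value}} with lowercased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(conf_text, passwd_text):
    """Per share with 'force user': accounts that do not resolve in the listing."""
    local = {l.split(":", 1)[0] for l in passwd_text.splitlines() if l.strip()}
    report = {}
    for name, opts in parse_smb_conf(conf_text).items():
        forced = opts.get("force user")
        if name == "global" or not forced:
            continue
        # Entries starting with @, + or & name groups, not users; skip them.
        users = [u for u in re.split(r"[,\s]+", opts.get("valid users", ""))
                 if u and u[0] not in "@+&"]
        report[name] = {"forced_account_exists": forced in local,
                        "missing_local_accounts": [u for u in users if u not in local]}
    return report
```

On a live host the second argument can be the output of `getent passwd`, which also lists accounts supplied by NSS sources other than /etc/passwd.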
