[Samba] Avoiding local unix accounts with "force user". Is that possible?
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Mon Sep 18 13:46:08 GMT 2006
On 09/11/2006 02:50 PM, Andrei Nazarenko wrote:
> Hello all,
>
> I am using Samba as a file server with LDAP authentication.
> Here is my samba.conf file:
[...]
> Essentially, all the users like "user1", "user2", "user3" authenticate
> via LDAP server, so no local user accounts database (like smbpasswd)
> is needed. I also want all the authenticated users to become just
> *one* actual unix user "samba" after successful authentication, so
> that all files have the same ownership, hence the "force user / force
> group" directives.
>
> The above configuration works well for me, however, I still must have
> Unix accounts user1, user2, etc., present in /etc/passwd, /etc/group
> and /etc/shadow files for this configuration to work.
>
> So my question is, basically, about getting rid of those local Unix
> accounts. Is that possible somehow? I simply would like to have just
> one local Unix user account "samba" belonging to the Unix group
> "samba" and no other user accounts.

Yes, configure your nsswitch and your libnss to query your LDAP
server and you will get your LDAP accounts as UN*X accounts.

> It is a tedious task to create (and especially manage!) Unix
> user accounts if they are replaced at the end of the login
> procedure with a common account anyway.
Kind regards,
--
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
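
An added example, not part of the original message or of Samba: a shell check for the two conditions the reply implies, namely that nsswitch.conf lists ldap for passwd and group, and that only the shared "samba" account remains in the local passwd file. The function names, the UID threshold of 1000 and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: checks that NSS is set to consult LDAP and that no per-user
# local accounts remain. All sample data below is constructed.

# Print the lookup sources for one NSS database (e.g. passwd) from an
# nsswitch.conf-style file, dropping comments and [STATUS=action] items.
nss_sources() {  # usage: nss_sources DB CONF
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$2" |
    awk -v db="$1:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed if SOURCE (e.g. ldap) is listed for DB in CONF.
nss_uses() {  # usage: nss_uses DB SOURCE CONF
    case " $(nss_sources "$1" "$3") " in *" $2 "*) return 0 ;; esac
    return 1
}

# Print local accounts with UID >= 1000 (assumed start of the ordinary-user
# range; adjust to your UID_MIN) other than the allowed names and "nobody".
stray_local_users() {  # usage: stray_local_users PASSWD_FILE ALLOWED...
    f=$1; shift
    awk -F: -v allow=" $* " '$3 >= 1000 && $1 != "nobody" &&
        index(allow, " " $1 " ") == 0 { print $1 }' "$f"
}

# Report on both conditions; non-zero status if either is not met.
audit() {  # usage: audit CONF PASSWD_FILE ALLOWED...
    conf=$1; pw=$2; shift 2; rc=0
    for db in passwd group; do
        nss_uses "$db" ldap "$conf" || { echo "$db: ldap not consulted"; rc=1; }
    done
    stray=$(stray_local_users "$pw" "$@")
    [ -z "$stray" ] || { echo "still local:" $stray; rc=1; }
    return $rc
}

# Constructed samples: "before" (files only, per-user local accounts) and "after".
d=$(mktemp -d)
printf 'passwd: files\ngroup: files\nshadow: files\n' > "$d/ns.before"
printf 'passwd: files ldap  # added\ngroup: files [NOTFOUND=continue] ldap\nshadow: files ldap\n' > "$d/ns.after"
printf 'root:x:0:0::/root:/bin/sh\nsamba:x:1000:1000::/srv:/bin/false\nuser1:x:1001:1001::/home/user1:/bin/sh\nuser2:x:1002:1002::/home/user2:/bin/sh\n' > "$d/pw.before"
printf 'root:x:0:0::/root:/bin/sh\nsamba:x:1000:1000::/srv:/bin/false\n' > "$d/pw.after"

audit "$d/ns.before" "$d/pw.before" samba || echo "before: needs work"
audit "$d/ns.after" "$d/pw.after" samba && echo "after: ok"
```

On a live host, `getent passwd user1` returning an entry while `grep '^user1:' /etc/passwd` finds nothing confirms that the account is being served through NSS rather than from the local file.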