[Samba] question re multiple backends and the 'guest' backend

Jerome Alet alet at librelogiciel.com
Fri Apr 27 06:21:35 GMT 2007

On Thu, Apr 26, 2007 at 03:05:05PM +0100, J Xu wrote:
> I am in exactly the situation Jerome described. I
> keep most of the samba users in an ldap database while
> still maintaining a few users locally. This gave me the
> flexibility that those users do not depend on ldap.

Exactly what I wanted to do.

Actually I'm on Debian Sarge and have all my Samba
users defined locally.

For three years now, every night, a batch script is run which extracts
users that were added today to the central LDAP server of the
University, with an LDAP filter based on a few criteria, and
"duplicates" them on the local system (with a different password

To these users who come indirectly (not at the samba level) from 
LDAP, in fact student accounts, I locally add accounts for people 
who come maybe 2 or 3 days a year (some professors) and that nobody 
wants to add to the central LDAP server (which needless to say is 
not managed by me). So these users are only defined locally.

Now since last September the central LDAP server was modified to
include the Samba schema and could (theoretically, not tested by me
yet) be used from my local Samba PDC directly to grab its user

I was really happy to learn that, and planned both to upgrade
my Sarge system to Etch, and use that central LDAP server
to not have to duplicate accounts every day, all before
next September.

But I can't do it, since I still need my "2/3 days a year" local user
accounts, and newer releases of Samba don't allow me to do this
(if I understand correctly).

So my choice is:

        - Keep Sarge forever.
or:

        - Continue this duplication shit.
or:

        - Install a local LDAP server which will be a partial
          replica of the central one, and to which I'll add
          my needed local users.
or:

        - ? Drop Samba (just joking)

This really sucks, especially because at the system level user accounts
CAN come from different places in a chained configuration with the
help of /etc/nsswitch.conf

Is there any good reason to have made this change?
Is there any plan to reintroduce the functionality at a later date?


Jerome Alet
