[Samba] question re multiple backends and the 'guest' backend
Jerome Alet
alet at librelogiciel.com
Fri Apr 27 06:21:35 GMT 2007
On Thu, Apr 26, 2007 at 03:05:05PM +0100, J Xu wrote:
>
> I am exactly in the situation as Jerome described. I
> keep most of samba users in an ldap database while
> still maintain a few users locally. This gave me the
> flexibility that those users do not depend on ldap.
Exactly what I wanted to do.
Actually I'm on Debian Sarge and have all my Samba
users defined locally.
Since three years, every night, a batch script is run which extracts
users that were added today to the central LDAP server of the
University, with an LDAP filter based on a few criterias, and
"duplicate" them on the local system (with a different password
though).
To these users who come indirectly (not at the samba level) from
LDAP, in fact student accounts, I locally add accounts for people
who come maybe 2 or 3 days a year (some professors) and that nobody
wants to add to the central LDAP server (which needless to say is
not managed by me). So these users are only defined locally.
Now since last September the central LDAP server was modified to
include the Samba schema and could (theorically, not tested by me
yet) be used from my local Samba PDC directly to grab its user
accounts.
I was really happy to learn that, and planned both to upgrade
my Sarge system to Etch, and use that central LDAP server
to not have to duplicate accounts every day, all before
next September.
But I can't do it, since I still need my "2/3 days a year" local user
accounts, and newer releases of Samba don't allow me to do this
(if I understand correctly).
So my choice is :
- Keep Sarge forever.
or :
- Continue this duplication shit.
or :
- Install a local LDAP server which will be a partial
replicate of the central one, and to which I'll add
my needed local users.
or :
- ? Drop Samba (just joking)
This really sucks especially because at the system level user accounts
CAN come from different places in a chained configuration with the
help of /etc/nsswitch.conf
Is there any good reason to have made this change ?
Is there any plan to reintroduce the functionnality at a later date ?
TIA
Jerome Alet
More information about the samba
mailing list