[Samba] LDAP: Mixing local and LDAP-Users

Gaiseric Vandal gaiseric.vandal at gmail.com
Tue Oct 4 13:17:59 MDT 2011

On 10/04/2011 01:21 PM, Felipe Augusto van de Wiel wrote:
> Hash: SHA512
> On 04-10-2011 04:16, Daniel Müller wrote:
>> When you use LDAP?! Why do you need local users and ldap users?
>> Just you need LDAP that’s all.
> I'm pretty sure different networks have differents demands.
> This is not "one rule fit them all".
> Kind regards,
> - -- 
> Felipe Augusto van de Wiel<felipe.wiel at hpp.org.br>
> Tecnologia da Informação (TI) - Complexo Pequeno Príncipe
> http://www.pequenoprincipe.org.br/    T: +55 41 3310 1747
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> HcjT1L+tjpsUswgjupVnN4xQT5tAG92BfUoQJ0Qtw9ZMSjW3JOnGsp2BHfhAehrZ
> 7dZ+vsKjFSNrK2HmfCIQUiIxe1RZ5Gipsp7IVtJMEtUfQYah2bMdLp78JyGDEERT
> ojMc97DWhRL1do2bE1MnNCVDU5o93OdZzEIAOo5jhj3yjqsGxnqnzPAy9TMvfpDD
> RIeCFlM6jKHvlrHfUmgQAA7b83MS7tPSAQoJTxAPVmXW98JeAuhhAfGPoowd5K+d
> xoHCaGwLrbhBvCJmWogos/yXPPwXs3g72Dn2tBwbWUZd6YtsZzEb1Gdv4umq/G1m
> UZMkafPjRPGjo45MeqOFiH/W1HuUB/FjYi5oRbPVzyYwalPexl+Jh3dgBxq0tB3B
> MM2gmCu+v3S+PFbB6mDa3Z2S9yiRUY2eQZQvgfwvlGb2Bssdclj5adQBu/Y9GvWi
> W+IeDtHxMWu7G0M0XLNg/oHWLNSOE4XkQceSu6G6T6BnkgCGM2PkXY+hP3JY4epf
> 2Y2J65eY08L8nnpQkDL3oSrvaEc8+YuvM174E0mq/WPenoDcdBWVta1ixXOeVcqi
> zq3RqPtZzulqYeTv4iWgYjN1TMToWlyHcxQmDD37RAUIRvtvlhDLSqTvKIw1DTGD
> =HJdF

Windows OS domain members will at least have a local Administrator 
account.    I have two member servers and two DC's.  All use LDAP for 
unix backends.  One member server uses TBD backed for the one local user 
(Administrator) -  though the unix account for the Administrator is 
actually the same as the domain Administrator.     It also uses tbd for 
group mappings.  The 2nd member server does not have any local samba 
accounts or groups.    The samba shares are pretty open since we rely on 
the local unix permissions for security, and set them via unix not 
windows.    But if I wanted to manage perms from windows clients I would 
probably need to define the local Administrator user, local Admins 
group, and local users group.

More information about the samba mailing list