[Samba] Samba local user without /etc/passwd
rowlandpenny241155 at gmail.com
Thu Jul 9 12:05:05 UTC 2015
On 09/07/15 12:19, Gionatan Danti wrote:
> On 09/07/15 12:25, Reindl Harald wrote:
>>> In short: while my samba server is connected to the AD domain, I would
>>> also like to have some local (non domain) user for other tasks.
>>> It is my understanding that for a local samba user I _need_ to create
>>> the relative unix user (using useradd) and then use the samba-provided
>>> tool smbpasswd. I simply wonder if it is possible to create local users
>>> using _only_ smbpasswd (or equivalent), without messing with the real
>>> local unix user table stored in "/etc/passwd" (hence the world
>> the smbd process is running as your user for security and permissions
>> as which user should it run without a unix user
> I perfectly understand your reasons.
> My question stems from the fact that, while connected to an AD domain,
> samba (or better, winbind) is impersonating remote users without
> problems. This is done using the "winbind" keyword in /etc/nsswitch.conf
What you have to understand is that, when a machine is part of a domain,
you can have local users that authenticate
via /etc/passwd, but these local users are unknown to the domain. You
also have domain users that can be made known to the local system.
> So, I wonder if winbind is capable of doing something similar with
> tdbsam users, impersonating them _without_ a local entry in
> /etc/passwd. Basically, what I want is to tell samba/winbind "do the
> same thing you are doing for AD, but using tdbsam as backend".
You can have users in /etc/passwd or AD, you cannot have the same user
in both, or anywhere else. A local user cannot connect to anything but
local directories and then only if they have the required permissions set.
> While I suspected that it is not possible, I liked a direct
> confirmation from the list...
More information about the samba