[Samba] Samba local user without /etc/passwd
Davor Vusir
davortvusir at gmail.com
Thu Jul 9 12:21:31 UTC 2015
Well put, Rowland!
Regards
Davor
-- Sent from my wretched mobile! --
----- Original message -----
From: "Rowland Penny" <rowlandpenny241155 at gmail.com>
Sent: 2015-07-09 14:07
To: "samba at lists.samba.org" <samba at lists.samba.org>
Subject: Re: [Samba] Samba local user without /etc/passwd
On 09/07/15 12:19, Gionatan Danti wrote:
>
> On 09/07/15 12:25, Reindl Harald wrote:
>>> In short: while my samba server is connected to the AD domain, I would
>>> also like to have some local (non domain) user for other tasks.
>>>
>>> It is my understanding that for a local samba user I _need_ to create
>>> the relative unix user (using useradd) and then use the samba-provided
>>> tool smbpasswd. I simply wonder if it is possible to create local users
>>> using _only_ smbpasswd (or equivalent), without messing with the real
>>> local unix user table stored in "/etc/passwd" (hence the word
>>> "virtual")
>>
>> the smbd process is running as your user for security and permissions
>> as which user should it run without a unix user
>> root?
>>
>
> Hi,
> I perfectly understand your reasons.
>
> My question stems from the fact that, while connected to an AD domain,
> samba (or better, winbind) is impersonating remote users without
> problems. This is done using the "winbind" keyword in /etc/nsswitch.conf
What you have to understand is that, when a machine is part of a domain,
you can have local users that authenticate
via /etc/passwd, but these local users are unknown to the domain. You
also have domain users that can be made known to the local system.
>
> So, I wonder if winbind is capable of doing something similar with
> tdbsam users, impersonating them _without_ a local entry in
> /etc/passwd. Basically, what I want is to tell samba/winbind "do the
> same thing you are doing for AD, but using tdbsam as backend".
You can have users in /etc/passwd or AD, you cannot have the same user
in both, or anywhere else. A local user cannot connect to anything but
local directories and then only if they have the required permissions set.
Rowland
>
>
> While I suspected that it is not possible, I liked a direct
> confirmation from the list...
>
> Thanks.
>