[Samba] Samba local user without /etc/passwd

Gionatan Danti g.danti at assyoma.it
Thu Jul 9 19:48:55 UTC 2015

Il 09-07-2015 14:05 Rowland Penny ha scritto:
> You can have users in /etc/passwd or AD, you cannot have the same user
> in both, or anywhere else. A local user cannot connect to anything but
> local directories and then only if they have the required permissions
> set.
> Rowland

Uhm, I think there is an misunderstanding here, possibly due to my bad 

1) I 100% agree that local users are, well, local users. So the domain 
does not know anything about that users (how it could?)

2) I 100% agree that domain users are _remote_ users, that don't need to 
exists on the local machine.

3) What I am wondering is if, domain take aside, I can create a local 
user _only inside the tdbsam database_, without touching the /etc/passwd 
file at all. Basically, I would like to have "samba-private" users, 
without messing with the real Linux users. I understand that this pose a 
permission problems - after all, samba runs with user's credential. 
However, I wonder if something like windbind can solve these issues.

To tell it with a graph, it would be nice if, issuing a "getent user" 
command, the system:
- using the nsswitch, asks winbind (or something similar) to find the 
- winbind (or the likes) search the tdbsam database and return a UID/GID 
values (similar to how domain users works)
- files/ACL can be then matched against the windbind (or the likes) 
assigned UID/GID, even without a real backing Unix user.

Sorry if it seems a strange question, I'm only trying to understand 

Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

More information about the samba mailing list