[Samba] Samba local user without /etc/passwd
Gionatan Danti
g.danti at assyoma.it
Thu Jul 9 19:48:55 UTC 2015
On 09-07-2015 14:05 Rowland Penny wrote:
>
> You can have users in /etc/passwd or AD, you cannot have the same user
> in both, or anywhere else. A local user cannot connect to anything but
> local directories and then only if they have the required permissions
> set.
>
> Rowland

Uhm, I think there is a misunderstanding here, possibly due to my bad
English.

1) I 100% agree that local users are, well, local users. So the domain
does not know anything about those users (how could it?)

2) I 100% agree that domain users are _remote_ users, that don't need to
exist on the local machine.

3) What I am wondering is if, domain taken aside, I can create a local
user _only inside the tdbsam database_, without touching the /etc/passwd
file at all. Basically, I would like to have "samba-private" users,
without messing with the real Linux users. I understand that this poses a
permission problem - after all, Samba runs with the user's credentials.
However, I wonder if something like winbind can solve these issues.

To tell it with a graph, it would be nice if, issuing a "getent user"
command, the system:
- using the nsswitch, asks winbind (or something similar) to find the
user;
- winbind (or the like) searches the tdbsam database and returns UID/GID
values (similar to how domain users work)
- files/ACL can be then matched against the winbind (or the like)
assigned UID/GID, even without a real backing Unix user.

Sorry if it seems a strange question, I'm only trying to understand
here.
Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8
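
The mapping this message asks about can be inspected on an existing server. The sketch below is an added example, not part of the original post or of Samba: it reads the `passwd` line of an nsswitch.conf, a passwd file, and a `name:uid:fullname` listing of the kind `pdbedit -L` prints, and reports which passdb accounts have no local passwd entry and whether winbind is in the lookup chain. All sample data and function names are constructed for illustration.

```python
# Constructed sample inputs (not from the original post).
SAMPLE_NSSWITCH = """\
passwd:     files winbind
group:      files winbind
shadow:     files
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
"""

# Constructed listing in the name:uid:fullname form that `pdbedit -L` prints.
SAMPLE_PDBEDIT = """\
alice:1001:Alice
smbonly:4294967295:Samba-only account
"""


def nss_sources(nsswitch_text, database="passwd"):
    """Return the ordered lookup sources configured for one NSS database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            tokens = line.split(":", 1)[1].split()
            # Drop action items such as [NOTFOUND=return].
            return [t for t in tokens if not t.startswith("[")]
    return []


def local_names(passwd_text):
    """Return the set of account names present in a passwd-format file."""
    return {l.split(":", 1)[0] for l in passwd_text.splitlines() if ":" in l}


def audit(nsswitch_text, passwd_text, pdbedit_listing):
    """Report passdb accounts with no passwd entry and the NSS lookup chain."""
    local = local_names(passwd_text)
    passdb = [l.split(":", 1)[0] for l in pdbedit_listing.splitlines() if ":" in l]
    sources = nss_sources(nsswitch_text)
    return {
        "sources": sources,
        "winbind_consulted": "winbind" in sources,
        "not_in_passwd": [name for name in passdb if name not in local],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_NSSWITCH, SAMPLE_PASSWD, SAMPLE_PDBEDIT))
```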