[Samba] Samba local user without /etc/passwd

Gionatan Danti g.danti at assyoma.it
Fri Jul 10 17:20:03 UTC 2015 

Il 10-07-2015 09:48 mathias dufresne ha scritto:
> Hi Gionatan,
> 
> You can have user only declared into tdb at least when samba is acting
> as domain controller. In that case this user become also a system user
> as domain users purpose is to be system users, also used for file
> sharing.
> 

OK, this part was missing from my head ;)
So what I asked is possibile _only_ when Samba _is_ the domain 
controller.
Maybe this is obvious, but I was missing it...

> 
> Now if you have a Samba acting as file server and only file server,
> retrieving its system users from winbind and /etc/passwd you can use
> any of these users to add them into this samba's tdb as samba users
> for they can access to file shared by this samba server.
> 
> The point is there are two kind of users: Samba users to access shares
> and system users to access files. Samba must be able to to translate
> its own users into system users.
> Samba users are used to access Samba shares and system users are used
> to access files and directory, this because file system are part of
> system layer.
> 

Sure. What I was asking myself was "does it exists a method/binary which 
integrate within nsswitch "a-la-winbind" to provide username enumeration 
and translation, only looking inside the tdb files without requiring 
/etc/passwd?"
Your comment above basically replied to my question, thanks.

> What you speak about make me think about pureftpd virtual users. With
> pureftpd you can declare a user "toto" as pureftpd user and associate
> this "toto" user to any other system user (declared in /etc/passwd,
> some ldap tree, AD or anything you can imagine). But the process is
> the same: pureftpd authenticate remote user then use system user to
> access files, then the system decide if this user can access or not to
> the files...
> 
> Cheers,
> 
> mathias
> 

Ok, all clear now.
Mathias, Rowland... thanks for your reply... and for your patience :)

-- 
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

More information about the samba mailing list