[Samba] Automatic creation of local users

L.P.H. van Belle belle at bazuin.nl
Tue Dec 20 10:41:53 UTC 2016 

See below..  

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: dinsdag 20 december 2016 11:26
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Automatic creation of local users
> 
> On Tue, 20 Dec 2016 11:10:30 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> 
> 
> > >
> > > No, a user is either a Unix user or a windows user that is also a
> > > Unix user. You cannot have a user in /etc/passwd and in AD.
> > Thats not what i meant its OR a linux user OR a windows user.
> > But which you create is depending on the need.
> > I can create a linux user to manipulate things as windows user on
> > windows shares per server. Or i can create a windows
> > "buildin\username" which can be use "per server" But with care for
> > both since, the id of this user dont have to be the same.
> >
> > Your ok with this? This is how i use it.
> > I'll try to make these thing more clear next time.
> 
> The only thing I would change there would be is 'dont', you cannot have
> a user with the same in /etc/passwd and AD, i.e. the user 'fred' cannot
> exist in /etc/passwd and AD. If you do have the user 'fred'
> in /etc/passwd and AD, which ever is found first by nsswitch will be
> used and to be honest, if you are using AD, there is absolutely no
> reason for user 'fred' to exist in /etc/passwd if he also exists in AD.

But not clear enough? That exactly what i ment. 
Arg..  i see , 
> > I can create a linux user to manipulate things as windows user on
> > windows shares per server. Or i can create a windows
> > "buildin\username" which can be use "per server" But with care for
> > both since, the id of this user dont have to be the same.

What i mean here is. 
You can create  a windows user in the AD ( windows\buildin user ) 
Which wil be a local user. 
This one can be used on multple servers but only localy per server. 

OR 
You can create on server 1 a linux user which maps to idmap config *
A buildin user and is seen as a local user. 
This user MUST NOT be used on multple servers but only localy on the server its created on. 

And in general you SHALL NEVER create the same username as linux user and windows user.


Now Rowland an idea.. . im thinking, i was reading a lot of RFC's lately.
And this maybe very handy to use on the list also. Think about it. 
And what do others think about this? Of the use of these Terminology. 
User who help others on the list can be bit more clear this way. 


2.3 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described below.

   1. MUST   This word, or the terms "REQUIRED" or "SHALL", mean that
      the definition is an absolute requirement of the specification.

   2. MUST NOT   This phrase, or the phrase "SHALL NOT", mean that the
      definition is an absolute prohibition of the specification.

   3. SHOULD   This word, or the adjective "RECOMMENDED", mean that
      there may exist valid reasons in particular circumstances to
      ignore a particular item, but the full implications must be
      understood and carefully weighed before choosing a different
      course.

   4. SHOULD NOT   This phrase, or the phrase "NOT RECOMMENDED" mean
      that there may exist valid reasons in particular circumstances
      when the particular behavior is acceptable or even useful, but the
      full implications should be understood and the case carefully
      weighed before implementing any behavior described with this
      label.

   5. MAY   This word, or the adjective "OPTIONAL", mean that an item is
      truly optional.  One vendor may choose to include the item because
      a particular marketplace requires it or because the vendor feels
      that it enhances the product while another vendor may omit the
      same item.  An implementation which does not include a particular
      option MUST be prepared to interoperate with another
      implementation which does include the option, though perhaps with
      reduced functionality.  In the same vein an implementation which
      does include a particular option MUST be prepared to interoperate
      with another implementation which does not include the option
      (except, of course, for the feature the option provides.)


Greetz, 

Louis



> 
> Rowland
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list