[Samba] distributing samba users to the local systems

mathias dufresne infractory at gmail.com
Tue Jul 12 11:39:08 UTC 2016 

Hi,

Let me try to re-formulate, please tell me if I'm wrong.

You have a bunch of users declared locally in /etc/passwd or something like
that on one system.

Now you would like to have another system using this users list with Samba.
You also want these users to be valid only as long as the share exist.
You don't want these users to be able to connect on system(s).

If I'm right, that sounds possible and not too complex to achieve, with a
minimum knowledge of UNIX systems. We can discuss about that once I know if
my understanding of your request was good enough ;)

Cheers,

mathias

2016-07-12 2:10 GMT+02:00 Xen <list at xenhideout.nl>:

> I want to ask what is the most common approach, and most functional
> smallest-subset-technology approach to achieving the following.
>
>
> - a samba server is using different users for its clients and these users
> are general unix users, owning files and whatnot on the fs.
>
> - a linux system as client now wants to "import" the users from the server
> without making them /fixed/ unix/passwd users on the local system
>
> - the users need to be imported from a kind of directory service (ldap or
> whatever) or perhaps "active directory" or whatever it might be, and those
> extra virtual users are only valid for as long as the samba shares
> themselves are valid and accessible.
>
> Mind you, I know nothing about "active directory" or "domain controllers"
> or what it might be. I also have very little understanding of what
> "nsswitch" is and the documentation for it and the entire system itself
> seems to be rather arcane.
>
> It would require on the client:
> - an additional source of local users that cannot actually be logged in
> to, but only serve as user interface elements.
> Perhaps these local users would need to be mapped onto random numbers or
> something, but normally with unix extensions you see the raw numbers of the
> users on the central system (server).
>
> So either those numbers would need to be replaced by names at domain while
> crossing the link and then mapped back to new numbers on the local system,
> that has imported the names at domain, or you'd need to find a fixed "range"
> of numbers for users that can stay fixed from system to system.
>
> I haven't even been able to get idmapping to work for NFS, it just won't
> work. I was using a "static" file for that but the thing would never read
> the static maps.
>
> It would require on the server:
>
> - a set of local users transformed into a directory service that clients
> can import or know about.
>
>
> Is this possible and what technologies would I need for it?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list