[Samba] distributing samba users to the local systems

Jeremy Allison jra at samba.org
Tue Jul 12 21:26:37 UTC 2016 

On Tue, Jul 12, 2016 at 02:10:41AM +0200, Xen wrote:
> I want to ask what is the most common approach, and most functional
> smallest-subset-technology approach to achieving the following.
> 
> 
> - a samba server is using different users for its clients and these
> users are general unix users, owning files and whatnot on the fs.
> 
> - a linux system as client now wants to "import" the users from the
> server without making them /fixed/ unix/passwd users on the local
> system
> 
> - the users need to be imported from a kind of directory service
> (ldap or whatever) or perhaps "active directory" or whatever it
> might be, and those extra virtual users are only valid for as long
> as the samba shares themselves are valid and accessible.
> 
> Mind you, I know nothing about "active directory" or "domain
> controllers" or what it might be. I also have very little
> understanding of what "nsswitch" is and the documentation for it and
> the entire system itself seems to be rather arcane.
> 
> It would require on the client:
> - an additional source of local users that cannot actually be logged
> in to, but only serve as user interface elements.
> Perhaps these local users would need to be mapped onto random
> numbers or something, but normally with unix extensions you see the
> raw numbers of the users on the central system (server).
> 
> So either those numbers would need to be replaced by names at domain
> while crossing the link and then mapped back to new numbers on the
> local system, that has imported the names at domain, or you'd need to
> find a fixed "range" of numbers for users that can stay fixed from
> system to system.
> 
> I haven't even been able to get idmapping to work for NFS, it just
> won't work. I was using a "static" file for that but the thing would
> never read the static maps.
> 
> It would require on the server:
> 
> - a set of local users transformed into a directory service that
> clients can import or know about.
> 
> 
> Is this possible and what technologies would I need for it?

This sounds like NIS/YP to me :-). But I'm old... :-).

More information about the samba mailing list