[Samba] distributing samba users to the local systems

mathias dufresne infractory at gmail.com
Wed Jul 13 09:24:07 UTC 2016 

2016-07-12 23:26 GMT+02:00 Jeremy Allison <jra at samba.org>:

> On Tue, Jul 12, 2016 at 02:10:41AM +0200, Xen wrote:
> > I want to ask what is the most common approach, and most functional
> > smallest-subset-technology approach to achieving the following.
> >
> >
> > - a samba server is using different users for its clients and these
> > users are general unix users, owning files and whatnot on the fs.
> >
> > - a linux system as client now wants to "import" the users from the
> > server without making them /fixed/ unix/passwd users on the local
> > system
> >
> > - the users need to be imported from a kind of directory service
> > (ldap or whatever) or perhaps "active directory" or whatever it
> > might be, and those extra virtual users are only valid for as long
> > as the samba shares themselves are valid and accessible.
> >
> > Mind you, I know nothing about "active directory" or "domain
> > controllers" or what it might be. I also have very little
> > understanding of what "nsswitch" is and the documentation for it and
> > the entire system itself seems to be rather arcane.
> >
> > It would require on the client:
> > - an additional source of local users that cannot actually be logged
> > in to, but only serve as user interface elements.
> > Perhaps these local users would need to be mapped onto random
> > numbers or something, but normally with unix extensions you see the
> > raw numbers of the users on the central system (server).
> >
> > So either those numbers would need to be replaced by names at domain
> > while crossing the link and then mapped back to new numbers on the
> > local system, that has imported the names at domain, or you'd need to
> > find a fixed "range" of numbers for users that can stay fixed from
> > system to system.
> >
> > I haven't even been able to get idmapping to work for NFS, it just
> > won't work. I was using a "static" file for that but the thing would
> > never read the static maps.
> >
> > It would require on the server:
> >
> > - a set of local users transformed into a directory service that
> > clients can import or know about.
> >
> >
> > Is this possible and what technologies would I need for it?
>
> This sounds like NIS/YP to me :-). But I'm old... :-).
>

AD is somehow now meant also to replace them and that's fortunate :p


>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list