[Samba] force re-authentication when accessing different shares

Robert Marcano robert at marcanoonline.com
Mon Jan 21 16:54:00 UTC 2019

On 1/21/19 11:04 AM, Rowland Penny via samba wrote:
> On Mon, 21 Jan 2019 10:43:35 -0400
> Robert Marcano via samba <samba at lists.samba.org> wrote:
>> On 1/21/19 10:24 AM, Harald Glanzer via samba wrote:
>>> hello & thx for your fast response!
>>> i need a way to create samba shares without creating system user
>>> accounts:
>>> - add users via smbpasswd with unique password
>>> - no need for a corresponding useraccount in /etc/passwd
>>> - access to the corresponding shares should be independent from any
>>> domain (i.e. the share should be accessable
>>> via windows client)
>> Is't this a reimplementation on winbind nss interface?. Why not just
>> use winbind with one of it's mapping strategies. I am pretty sure it
>> should work for standalone servers.
> idmap_nss maps Unix users to Domain users, it needs users
> in /etc/passwd, the OP doesn't want this.

But shouldn't something like

   idmap config * : backend = tdb
   idmap config * : range = 1000000-2000000

and the propper winbind entries on /etc/nsswitch.conf be enough?

I am assuming Samba working on standalone mode will try to locate the 
user on the passwd database via nss and then the idmap config is used, 
looking for the user and creating a new mapping if not found.

> Rowland

More information about the samba mailing list