[Samba] force re-authentication when accessing different shares
Rowland Penny
rpenny at samba.org
Mon Jan 21 17:08:50 UTC 2019
On Mon, 21 Jan 2019 12:54:00 -0400
Robert Marcano via samba <samba at lists.samba.org> wrote:
> On 1/21/19 11:04 AM, Rowland Penny via samba wrote:
> > On Mon, 21 Jan 2019 10:43:35 -0400
> > Robert Marcano via samba <samba at lists.samba.org> wrote:
> >
> >> On 1/21/19 10:24 AM, Harald Glanzer via samba wrote:
> >>> hello & thx for your fast response!
> >>>
> >>> i need a way to create samba shares without creating system user
> >>> accounts:
> >>>
> >>> - add users via smbpasswd with unique password
> >>> - no need for a corresponding useraccount in /etc/passwd
> >>> - access to the corresponding shares should be independent from
> >>> any domain (i.e. the share should be accessable
> >>> via windows client)
> >>
> >> Is't this a reimplementation on winbind nss interface?. Why not
> >> just use winbind with one of it's mapping strategies. I am pretty
> >> sure it should work for standalone servers.
> >>
> >
> > idmap_nss maps Unix users to Domain users, it needs users
> > in /etc/passwd, the OP doesn't want this.
>
> But shouldn't something like
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-2000000
>
> and the propper winbind entries on /etc/nsswitch.conf be enough?
No, it probably wouldn't, he would still need users in /etc/passwd.
>
> I am assuming Samba working on standalone mode will try to locate the
> user on the passwd database via nss and then the idmap config is
> used, looking for the user and creating a new mapping if not found.
The OP does not want users in /etc/passwd. I think the only way to do
this using the default Samba packages will be to run Samba as a
standalone server with users in ldap, but this still requires the users
to be stored in ldap. The OP seems to want the users creating as they
connect.
Rowland
More information about the samba
mailing list