Ben Gras
2002-Jan-10 06:43 UTC
question: samba file sharing with ldap user db without having "unix users"?
All,

Suppose I want to build a file server that will let users share their files using samba, but without requiring them to have an entry in a passwd file, to make adding & removing users a bit less error/security-bug prone.. the samba server could set its uid to the uid in the ldap directory for that user to allow the FS to separate each other's files using uids..

Building samba-2.2.2 --with-ldapsam still requires a unix passwd file entry, AFAICS..

Is there a better way?

Thanks :)

=Ben
Andrew Bartlett
2002-Jan-10 13:33 UTC
question: samba file sharing with ldap user db without having "unix users"?
Ben Gras wrote:
>
> All,
>
> Suppose I want to build a file server that will let users share
> their files using samba, but without requiring them to have an entry
> in a passwd file, to make adding & removing users a bit less
> error/security-bug prone.. the samba server could set its uid to
> the uid in the ldap directory for that user to allow the FS to
> separate each other's files using uids..
>
> Building samba-2.2.2 --with-ldapsam still requires a unix passwd file
> entry, AFAICS..

I'm looking at various insane ideas in this area. Currently the Samba Team policy is that all users should have an entry in whatever getpwnam() looks up. In your case this can be done with (assuming linux) nss_ldap.

I'm looking into how this might be done 'more flexibly' :-) but this should do for you.

Andrew Bartlett

--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
Gerald (Jerry) Carter
2002-Jan-12 03:06 UTC
question: samba file sharing with ldap user db without having "unix users"?
On Thu, 10 Jan 2002, Ben Gras wrote:
> All,
>
> Suppose I want to build a file server that will let users share
> their files using samba, but without requiring them to have an entry
> in a passwd file, to make adding & removing users a bit less
> error/security-bug prone.. the samba server could set its uid to
> the uid in the ldap directory for that user to allow the FS to
> separate each other's files using uids..
>
> Building samba-2.2.2 --with-ldapsam still requires a unix passwd file
> entry, AFAICS..

No. They don't have to be in /etc/passwd.

btw...if you are interested in the LDAP code, please look at the latest SAMBA_2_2 cvs code. The code has been fixed a good bit.

You need to obtain a uid for the user in some way (i.e. nss_ldap).

chau, jerry

---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
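Added example, not part of the thread and not Samba code: a small audit that checks the condition both replies describe, namely that each account resolves to a uid through getpwnam() (for instance via nss_ldap) whether or not it has a line in the local passwd file. The function names and the sample passwd text are constructed for illustration.

```python
import pwd
import sys

# Constructed sample of a local passwd file; on a real host read /etc/passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
# comment line
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

def local_names(passwd_text):
    """Return the account names defined in passwd(5)-format text."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and legacy compat entries (+/-).
        if not line or line[0] in "#+-":
            continue
        names.add(line.split(":", 1)[0])
    return names

def nss_uid(name):
    """uid as getpwnam() reports it through NSS, or None if unresolved."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def classify(accounts, passwd_text, resolver=nss_uid):
    """Map each account to (source, uid).

    'local'      resolves and has a line in the passwd file
    'nss-only'   resolves through another NSS source (e.g. nss_ldap)
    'unresolved' getpwnam() knows no uid for it
    """
    local = local_names(passwd_text)
    report = {}
    for name in accounts:
        uid = resolver(name)
        if uid is None:
            report[name] = ("unresolved", None)
        elif name in local:
            report[name] = ("local", uid)
        else:
            report[name] = ("nss-only", uid)
    return report

if __name__ == "__main__":
    with open("/etc/passwd") as fh:
        text = fh.read()
    for name, (source, uid) in classify(sys.argv[1:] or ["root"], text).items():
        print(f"{name:16} {source:10} {uid}")
```

Accounts reported as unresolved are the ones to fix in the NSS configuration before they are expected to own files on the share.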