samba - Apr 2007 - question re multiple backends and the 'guest' backend

An inherited system has the following configuration:

   passdb backend = ldapsam:ldap://10.10.10.10 smbpasswd guest

What is the purpose of using multiple backends?  The smb.conf man page
simply states that each backend will be searched in turn but why would
one ever use such a setup?

Secondly, the man page does not mention the 'guest' backend.  To me
such a backend implies that an authentication challenge would never be
refused (guest is a catchall).

Comments?

Peter




      Be smarter than spam. See how smart SpamGuard is at giving junk email the
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca

I suspect that "guest" will simply allow someone to log on as a guest 
with whatever privileges (usually none) you give to guests.


Peter Matulis wrote:
> An inherited system has the following configuration:
>
>    passdb backend = ldapsam:ldap://10.10.10.10 smbpasswd guest
>
> What is the purpose of using multiple backends?  The smb.conf man page
> simply states that each backend will be searched in turn but why would
> one ever use such a setup?
>
> Secondly, the man page does not mention the 'guest' backend.  To me
> such a backend implies that an authentication challenge would never be
> refused (guest is a catchall).
>
> Comments?
>
> Peter
>
>
>
>
>       Be smarter than spam. See how smart SpamGuard is at giving junk email
the boot with the All-new Yahoo! Mail at
http://mrd.mail.yahoo.com/try_beta?.intl=ca
>
>

>> 
>> We also removed the support foir multiple passdb
backends in latest
>> versions of samba IIRC, so passdb backend should
never list more than 1
>> backend.
>
> Does this means it's not possible anymore to have
most users coming 
> from an LDAP server, and to have additional "local"
users (because 
> they can't be added to the LDAP server which is
managed by other 
> people, for example) ? 
>
> If this is not possible anymore this sucks.
I am exactly in the situation as Jerome described. I
keep most of samba users in an ldap database while
still maintain a few users locally. This gave me the
flexibility that those users do not depend on ldap.

I checked the release notes, the support for multiple
backends in a chained configuration was dropped since
v3.0.23. This is really bad as we planned to upgrade
to Debian etch which has v3.0.24 (I tested and can
confirm that mixing multiple backends together is not
supported).

Just wonder if there is any sound reason why this
feature is dropped, other than maybe making adding
users/groups/machines comlicated for a PDC
configuration? Is there any plan to re-enable this
feature sometime later?

Thanks,

J


      ___________________________________________________________ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign
up for
your free account today
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html