Hi list, I have a (naive?) question about samba local users. My system: CentOS 6.6 w/Samba 3.6, connected to an AD Domain through Winbind. When creating a local user, I always first create a Unix user with passwd and then I use smbpasswd -a <unixuser> to establish the mapping between the tdbsam database and the local /etc/passwd file. I wonder if, using the tdbsam in conjunction with winbind, the local unix user (stored in /etc/passwd) creation can be bypassed. After all, it's winbind's role to map "virtual" user to real unix ID. So, my question is: there is a method to create a "virtual" user, only stored inside the tdbsam database, without touching the real unix local users (stored inside /etc/passwd). Thank you all. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti at assyoma.it - info at assyoma.it GPG public key ID: FF5F32A8
Hello Gionatan, Am 09.07.2015 um 10:05 schrieb Gionatan Danti:> When creating a local user, I always first create a Unix user with > passwd and then I use smbpasswd -a <unixuser> to establish the mapping > between the tdbsam database and the local /etc/passwd file. > > I wonder if, using the tdbsam in conjunction with winbind, the local > unix user (stored in /etc/passwd) creation can be bypassed. After all, > it's winbind's role to map "virtual" user to real unix ID. > > So, my question is: there is a method to create a "virtual" user, only > stored inside the tdbsam database, without touching the real unix local > users (stored inside /etc/passwd).If you really want to create a _local_ user on your member server, the account must exist local. For _domain_ users, you don't need a local account. Regards, Marc
On 09/07/15 09:05, Gionatan Danti wrote:> Hi list, > I have a (naive?) question about samba local users. > > My system: CentOS 6.6 w/Samba 3.6, connected to an AD Domain through > Winbind. > > When creating a local user, I always first create a Unix user with > passwd and then I use smbpasswd -a <unixuser> to establish the mapping > between the tdbsam database and the local /etc/passwd file. > > I wonder if, using the tdbsam in conjunction with winbind, the local > unix user (stored in /etc/passwd) creation can be bypassed. After all, > it's winbind's role to map "virtual" user to real unix ID. > > So, my question is: there is a method to create a "virtual" user, only > stored inside the tdbsam database, without touching the real unix > local users (stored inside /etc/passwd). > > Thank you all. >A bit lost here, if you are using samba as an AD client, you cannot have a local user with the same name as an AD user. Users are either 'local' or 'domain', I do not really understand your concept of a 'virtual' user. Rowland
On 09/07/15 10:26, Marc Muehlfeld wrote:> Hello Gionatan, > > Am 09.07.2015 um 10:05 schrieb Gionatan Danti: >> When creating a local user, I always first create a Unix user with >> passwd and then I use smbpasswd -a <unixuser> to establish the mapping >> between the tdbsam database and the local /etc/passwd file. >> >> I wonder if, using the tdbsam in conjunction with winbind, the local >> unix user (stored in /etc/passwd) creation can be bypassed. After all, >> it's winbind's role to map "virtual" user to real unix ID. >> >> So, my question is: there is a method to create a "virtual" user, only >> stored inside the tdbsam database, without touching the real unix local >> users (stored inside /etc/passwd). > > > If you really want to create a _local_ user on your member server, the > account must exist local. For _domain_ users, you don't need a local > account. > > > Regards, > Marc >Ok, so here the "local" word must be taken seriously: it _really_ had to exists locally. Thanks for confirmation. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti at assyoma.it - info at assyoma.it GPG public key ID: FF5F32A8
On 09/07/15 10:34, Rowland Penny wrote:> > A bit lost here, if you are using samba as an AD client, you cannot have > a local user with the same name as an AD user. Users are either 'local' > or 'domain', I do not really understand your concept of a 'virtual' user. > > Rowland >In short: while my samba server is connected to the AD domain, I would also like to have some local (non domain) user for other tasks. It is my understanding that for a local samba user I _need_ to create the relative unix user (using useradd) and then use the samba-provided tool smbpasswd. I simply wonder if it is possible to create local users using _only_ smbpasswd (or equivalent), without messing with the real local unix user table stored in "/etc/passwd" (hence the world "virtual). Regards. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti at assyoma.it - info at assyoma.it GPG public key ID: FF5F32A8