Dominique Petitpierre
2005-Jan-28 16:20 UTC
[Samba] samba password server without Unix users?
Hello,

I am setting up a samba server that will be used only for password checking. It is configured with the ldapsam backend.

Is there a way to configure samba to not check the existence of users on the underlying Unix OS?

I mean, the search performed in the LDAP server provides all the useful passwd information that is available with getpwnam(), namely: uid uidNumber gidNumber homeDirectory. The existence of a corresponding Unix user is only important on the client samba servers that will provide data (shares, home, etc).

Here is the LDAP search performed by samba when checking a password:

    SRCH base="dc=unige,dc=ch" \
      scope=2 \
      filter="(&(uid=test)(objectClass=sambaSamAccount))" \
      attrs="uid uidNumber gidNumber homeDirectory sambaPwdLastSet \
      sambaPwdCanChange sambaPwdMustChange sambaLogonTime \
      sambaLogoffTime sambaKickoffTime cn displayName \
      sambaHomeDrive sambaHomePath sambaLogonScript \
      sambaProfilePath description sambaUserWorkstations \
      sambaSID sambaPrimaryGroupSID sambaLMPassword \
      sambaNTPassword sambaDomainName objectClass \
      sambaAcctFlags sambamungeddial sambabadpasswordcount \
      sambabadpasswordtime sambapasswordhistory \
      modifyTimestamp sambalogonhours modifyTimestamp"

To make the password checking work, I had to configure nss_ldap, which causes the following LDAP search:

    SRCH base="dc=unige,dc=ch" scope=2 \
      filter="(&(objectClass=posixAccount)(uid=test))" \
      attrs="uid userPassword uidNumber gidNumber cn homeDirectory \
      loginShell gecos description objectClass"

If nss_ldap is not configured, samba complains with the debug message:

    User test in passdb, but getpwnam() fails!

It would be nice to avoid that useless secondary LDAP search (and the trouble of configuring nss_ldap).

Best regards,

--
Mr Dominique Petitpierre    Email: User@Domain
Division Informatique       User=Dominique.Petitpierre
University of Geneva        Domain=adm.unige.ch