Hi everyone, is it possible to have a Samba server without creating local accounts for users on that server? Share level security doesn't count though. ;-) The idea is not to need to create and update users on the Samba server itself (i.e. no local users, no entries in /etc/passwd, etc). The documentation says something about Domain and ADS level security being basically just forms of user level security, so - for the moment- it looks to me as if there's no way around creating those local users. Is that correct? Wondering, Robert
Robert Schuettler wrote:> Hi everyone, > > is it possible to have a Samba server without creating local accounts > for users on that server? > > Share level security doesn't count though. ;-) The idea is not to need > to create and update users on the Samba server itself (i.e. no local > users, no entries in /etc/passwd, etc). > > The documentation says something about Domain and ADS level security > being basically just forms of user level security, so - for the moment- > it looks to me as if there's no way around creating those local users. > Is that correct?I can't say for certain, I believe it's possible, if you use ACLs on your file system.
On Monday 06 June 2005 16:37, Robert Schuettler wrote:> Hi everyone, > > is it possible to have a Samba server without creating local accounts > for users on that server? > > Share level security doesn't count though. ;-) The idea is not to need > to create and update users on the Samba server itself (i.e. no local > users, no entries in /etc/passwd, etc). > > The documentation says something about Domain and ADS level security > being basically just forms of user level security, so - for the moment- > it looks to me as if there's no way around creating those local users. > Is that correct? > > Wondering, RobertIt is possible to authenticate against an active directory or a samba PDC, these are the only ways that I know of for you to avoid adding local users, and do a sort of "pass through" auth. Hope that helps, H -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20050606/76985e3c/attachment.bin
On 6/6/05, Robert Schuettler <rober@cis.fu-berlin.de> wrote:> Hi everyone, > > is it possible to have a Samba server without creating local accounts > for users on that server? > > Share level security doesn't count though. ;-) The idea is not to need > to create and update users on the Samba server itself (i.e. no local > users, no entries in /etc/passwd, etc). > > The documentation says something about Domain and ADS level security > being basically just forms of user level security, so - for the moment- > it looks to me as if there's no way around creating those local users. > Is that correct?Not quite, but you can save a few steps if you have some easy & dynamic way to create & maintain the local users. We do linux auth against ADS with a combination of winbind, kerberos, pam_mkhomedir (to auto make the home dir), and pam_mount (to mount/unmount the shares automatically without the user needing root access, and no prior modifications to fstab). With that we have what you want, but it was pretty hard to set up. (I didn't do it--it was our genius network admin doing a ton of reading and a lot of trial and error. But we're not the only ones who've done it.)
On Monday 06 June 2005 09:37, Robert Schuettler wrote:> Hi everyone, > > is it possible to have a Samba server without creating local accounts > for users on that server? > > Share level security doesn't count though. ;-) The idea is not to need > to create and update users on the Samba server itself (i.e. no local > users, no entries in /etc/passwd, etc). > > The documentation says something about Domain and ADS level security > being basically just forms of user level security, so - for the moment- > it looks to me as if there's no way around creating those local users. > Is that correct? > > Wondering, RobertWhat you are asking is: "Can a Samba server be a domain member server or client in a Windows NT4 domain, or in an Active Directory domain?" The answer is: Yes! Of course! Suggest you refer to chapter 7 of the book "Samba-3 by Example" (aka. Samba-Guide). This chapter deals exclusively with this subject. You can obtain a copy of this book from: http://www.samba.org/samba/docs/Samba-Guide.pdf The information you provide above does not identify which of our documentation is deficient. Please help use to improve the quality and suitability of our documentation where it is inadequate. You can assist us by providing clear and unabiguous feedback regarding the documentation you have reviewed and specfically what information you need that is not addressed. Cheers, John T.