samba - Jul 2012 - Samba: read-only remote LDAP + additional local users

Hi all,

my server has access to a read-only remote LDAP-server where
information about 99% of user accounts is residing. On my server I
want to configure Samba to use LDAP-sever for authentication.

Now and then there will be some extra users that do not have an
account on LDAP. How should I manage their authentication data and
make Samba aware of it?
>From the Samba documentation:
    Early releases of Samba-3 implemented new capability to work
concurrently with multiple account backends. This capability was
removed beginning with release of Samba 3.0.23. Commencing with Samba
3.0.23 it is possible to work with only one specified passwd backend.

So it seems Samba can support one authentication back-end only and if
I make it use remote LDAP I cannot add any extra users with their
accounts stored locally.  Is there any workaround/solution for my
scenario?

Thanks for any help,

Arokux

Why do not have all users work within samba?
What is the reason?

-----------------------------------------------
EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------
-----Urspr?ngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
Im
Auftrag von Arokux B.
Gesendet: Montag, 23. Juli 2012 22:16
An: samba at lists.samba.org
Betreff: [Samba] Samba: read-only remote LDAP + additional local users

Hi all,

my server has access to a read-only remote LDAP-server where information
about 99% of user accounts is residing. On my server I want to configure
Samba to use LDAP-sever for authentication.

Now and then there will be some extra users that do not have an account on
LDAP. How should I manage their authentication data and make Samba aware of
it?
>From the Samba documentation:
    Early releases of Samba-3 implemented new capability to work
concurrently with multiple account backends. This capability was removed
beginning with release of Samba 3.0.23. Commencing with Samba
3.0.23 it is possible to work with only one specified passwd backend.

So it seems Samba can support one authentication back-end only and if I make
it use remote LDAP I cannot add any extra users with their accounts stored
locally.  Is there any workaround/solution for my scenario?

Thanks for any help,

Arokux
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Tue, Jul 24, 2012 at 7:55 AM, Daniel M?ller <mueller at
tropenklinik.de> wrote:
> Why do not have all users work within samba?
> What is the reason?
My server is a small private server of a small subdivision. Now and
then there are external people that come to us for short time and they
also need access to our Samba-shares. I cannot change anything on the
LDAP-Server and so cannot add them to it.

On Tue, 2012-07-24 at 10:06 +0200, Arokux B. wrote:
> On Tue, Jul 24, 2012 at 7:55 AM, Daniel M?ller <mueller at
tropenklinik.de> wrote:
> > Why do not have all users work within samba?
> > What is the reason?
> 
> My server is a small private server of a small subdivision. Now and
> then there are external people that come to us for short time and they
> also need access to our Samba-shares. I cannot change anything on the
> LDAP-Server and so cannot add them to it.
Do you bind directly against the LDAP server as a samba passdb, or do
you join the domain?

It would be more normal to join the domain, and then you can have local
unix users and local Samba users in your local passdb, while connecting
to the main company domain as a domain member. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org