
Re: [Samba] force re-authentication when accessing different shares




On Mon, 21 Jan 2019 12:54:00 -0400
Robert Marcano via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On 1/21/19 11:04 AM, Rowland Penny via samba wrote:
> > On Mon, 21 Jan 2019 10:43:35 -0400
> > Robert Marcano via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> >> On 1/21/19 10:24 AM, Harald Glanzer via samba wrote:
> >>> hello & thx for your fast response!
> >>>
> >>> i need a way to create samba shares without creating system user
> >>> accounts:
> >>>
> >>> - add users via smbpasswd with unique password
> >>> - no need for a corresponding user account in /etc/passwd
> >>> - access to the corresponding shares should be independent from
> >>> any domain (i.e. the share should be accessible
> >>> via windows client)
> >>
> >> Isn't this a reimplementation of the winbind nss interface? Why not
> >> just use winbind with one of its mapping strategies? I am pretty
> >> sure it should work for standalone servers.
> >>
> > 
> > idmap_nss maps Unix users to Domain users, it needs users
> > in /etc/passwd, the OP doesn't want this.
> 
> But shouldn't something like
> 
>    idmap config * : backend = tdb
>    idmap config * : range = 1000000-2000000
> 
> and the proper winbind entries in /etc/nsswitch.conf be enough?

No, it probably wouldn't, he would still need users in /etc/passwd.
> 
> I am assuming Samba working in standalone mode will try to locate the
> user in the passwd database via nss and then the idmap config is
> used, looking for the user and creating a new mapping if not found.

The OP does not want users in /etc/passwd. I think the only way to do
this using the default Samba packages will be to run Samba as a
standalone server with users in ldap, but this still requires the users
to be stored in ldap. The OP seems to want the users creating as they
connect.

Rowland


