Ldap – Samba: read-only LDAP + additional local users

Tags: ldap, pam, samba

My server has access to a read-only LDAP where information about 99% of user accounts will reside. On my server I want to configure Samba to use LDAP for authentication.

Now and then there will be some extra users that do not have an account on LDAP. How should I manage their authentication data and make Samba aware of it?

From the Samba documentation:

Early releases of Samba-3 implemented new capability to work concurrently with multiple
account backends. This capability was removed beginning with release of Samba 3.0.23.
Commencing with Samba 3.0.23 it is possible to work with only one specified passwd backend.

So it seems Samba can support one authentication back-end only. Is there any workaround?

Best Answer

The password back end being discussed here is in reference to the local storage of Samba user passwords. For users that are set up as local Samba users, their passwords can be stored in a variety of fashions (tdbsam, ldapsam, smbpasswd, etc).

The LDAPSam backend is used if/when you have a local directory server running and wish to store Samba user passwords to it, as opposed to a TDB or flat file. Since you mentioned "you have access to a read only LDAP" I presume this LDAP service isn't running locally, and instead you want to authenticate users against an LDAP, where their user account information is already stored? There's a subtle difference between the two. One is "Which back end should I use to store local account information" and the other is "where should I go to authenticate users?"

If that's the case, what I think you're looking for are the authentication models Samba utilizes, primarily, the User, Domain, and ADS models (google "Samba security modes"). You'll probably be most interested in the Domain/ADS models, which allow you to hook into Active Directory or LDAP services to authenticate user accounts to access Samba shares.

For users that are not in the LDAP service your option may be simple local Samba user accounts, which will then be stored - going back to the previous mention of back ends - in whatever back end you've selected :)

If you'll be using Samba a lot, I might recommend going out and grabbing something like an O'Reilly guide. The most commonly referenced Samba documentation out there is the "SAMBA-3-HOWTO." While it's a great reference, it's very easy to find yourself with dated information, which can lead to much longer periods of troubleshooting.