Originally posted by: azev
Is there a way to link the user account database from Windows 2003 AD to Samba?
I'd like to use a single central database for all user accounts and permissions to the Samba file server share.
There are really two closely related ideas here:
1) The user account information Samba uses to authenticate access to a share. That is, if a share lists "fred" as its only entry in Valid Users, then Samba needs to know what password authenticates access as fred.
2) The user account information used to record ownership of files on disk. I may authenticate as fred, but if I put a file onto a share, it may end up being owned by someone else (through the Force User directive). This is common when you have a big share that many people have equal access to.
#1 is entirely a Samba issue, whereas #2 is a more general nsswitch issue that might involve Samba as well.
I believe what you want for #1 should be taken care of automatically when you configure a Samba server in security=ADS mode. That tells Samba that it's a member server in an AD domain and that it should look to the DC for authentication info. I've never tried out ADS mode, so I can't say for sure.
#2 may or may not be an issue depending on your configuration. The question, basically, is whether you really need the Windows account info to be "translated" into Unix users and groups. For simple read-only shares or shares that many people can access equally, this may not be necessary, and not bothering with it could save you a lot of fuss. If you do need this, then you need to look into which nsswitch modules will get you the account information from the DC. I believe you can do it with nss_ldap (since that's what AD basically is). There also used to be a module based on winbindd, but I think it's obsolete now. There may be others as well.
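
A member-server smb.conf showing both ideas from the reply above, as an added example that is not part of the original post. It uses current Samba syntax with winbind as the identity source; the realm, workgroup, ID ranges, share name, path and the `shareowner` account are hypothetical placeholders.

```ini
# Added example: all names, ranges and paths below are placeholders.

[global]
    # Idea 1: authentication. Samba acts as an AD member server and
    # hands password checks to the domain controllers.
    security = ads
    realm = EXAMPLE.LOCAL
    workgroup = EXAMPLE

    # Idea 2: identity. winbindd maps domain users and groups to Unix
    # UIDs/GIDs. The "*" entry covers BUILTIN and unknown domains; the
    # EXAMPLE entry derives IDs from each account's RID.
    # The ranges must not overlap each other or local accounts.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = rid
    idmap config EXAMPLE : range = 10000-999999

    # For Unix tools (ls, chown) to see the mapped accounts,
    # /etc/nsswitch.conf also needs:
    #   passwd: files winbind
    #   group:  files winbind

[projects]
    path = /srv/samba/projects
    read only = no

    # Access check (idea 1): only members of this AD group may connect,
    # and each of them is authenticated against the DC.
    valid users = @"EXAMPLE\Domain Users"

    # Ownership (idea 2): every file written through the share is owned
    # by one local Unix account, whoever authenticated. This is the
    # "big share with equal access" case; it also means on-disk
    # ownership no longer records who wrote a file.
    force user = shareowner
    create mask = 0660
    directory mask = 0770
```

The server has to be joined to the domain (`net ads join`) before `security = ads` takes effect, and `testparm` will report syntax errors in the file.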