Can't add local user on system using ldap auth for samba [closed]

Solution 1:

My last answer was bad, ignore that.

I believe your only option is manual editing of /etc/passwd (vipw is preferred because it saves you from your own mistakes). The -o option allows you to create multiple names for one UID, but there isn't an equivalent option for telling passwd to ignore the name already existing when it performs an NSS lookup.

getent passwd will show you how the uids cascade once you've added the user; the first entry wins. Make sure the uid is identical to avoid issues with shifting permissions. (your examples did not include -u syntax)

Solution 2:

Neither of these two workarounds is optimum, but they do give sysadmins a way of moving forward if they find themselves in the sticky situation where LDAP and the local passwd file are blocking each other.

Workaround 1: I created a local user with a different UID (username) to give ssh access to a person who already had an LDAP/Samba entry. Possibly the cheesiest sysadmin solution I've done in years.

Workaround 2: A little more complicated but comes down to adding the local user with the same uidNumber as in LDAP.

  1. Look up the LDAP uidNumber with getent, ldapsearch, or smbldap-usershow
  2. Temporarily disable the user in LDAP in order to add the local user without conflicts
  3. Create the local account matching the uidNumber with LDAP
  4. Re-enable the user in LDAP

Both of these work, but neither addresses the underlying issue of allowing the authentication to use LDAP exclusively for Samba auth and /etc/passwd for local auth. But in the absence of another solution, this will have to do.
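Both answers hinge on the same check: once the local entry exists, `getent passwd` returns both the files entry and the LDAP entry for that name, the first one wins, and the two must carry the same uid or file ownership silently shifts. The script below is an added example, not code from either answer; it reads passwd-format lines on stdin so it can be fed either real `getent passwd` / `cat /etc/passwd` output or the constructed sample data shown here, and the function names (`resolve_uid`, `all_uids`, `shadowed_names`, `local_matches_ldap`) are my own. Run it before editing with vipw to confirm the planned local uid equals the LDAP uidNumber (step 3 of Workaround 2).

```shell
#!/bin/sh
# Added example: sanity-check a planned local /etc/passwd entry against the
# merged NSS view (files, then ldap) and against the LDAP-only view.
# All passwd data below is constructed for the example.

# Simulated `getent passwd` output with nsswitch order "files ldap".
# alice has a local entry (uid 1001) that shadows her LDAP entry (uid 2001).
NSS_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice (local):/home/alice:/bin/bash
alice:x:2001:513:Alice (ldap):/home/alice:/bin/bash
bob:x:2002:513:Bob (ldap):/home/bob:/bin/bash'

# Simulated LDAP-only view (what ldapsearch or smbldap-usershow would report).
LDAP_PASSWD='alice:x:2001:513:Alice (ldap):/home/alice:/bin/bash
bob:x:2002:513:Bob (ldap):/home/bob:/bin/bash'

# resolve_uid NAME  (passwd lines on stdin)
# Print the uid NSS would hand back for NAME: the first matching entry wins.
resolve_uid() {
    awk -F: -v n="$1" '$1 == n { print $3; exit }'
}

# all_uids NAME  (passwd lines on stdin)
# Print every distinct uid seen for NAME; more than one line means an entry
# is being shadowed and permissions will depend on lookup order.
all_uids() {
    awk -F: -v n="$1" '$1 == n { print $3 }' | sort -u
}

# shadowed_names  (passwd lines on stdin)
# List names that appear with more than one uid in the merged view.
shadowed_names() {
    awk -F: '!seen[$1 FS $3]++ { count[$1]++ }
             END { for (n in count) if (count[n] > 1) print n }' | sort
}

# local_matches_ldap NAME PLANNED_UID  (LDAP-only passwd lines on stdin)
# Succeed only when PLANNED_UID equals the LDAP uidNumber for NAME.
local_matches_ldap() {
    ldap_uid=$(awk -F: -v n="$1" '$1 == n { print $3; exit }')
    [ -n "$ldap_uid" ] && [ "$ldap_uid" = "$2" ]
}

# Report on the constructed data.
for user in alice bob; do
    printf '%s resolves to uid %s (all uids: %s)\n' "$user" \
        "$(printf '%s\n' "$NSS_PASSWD" | resolve_uid "$user")" \
        "$(printf '%s\n' "$NSS_PASSWD" | all_uids "$user" | tr '\n' ' ')"
done
printf 'names with shadowed entries: %s\n' \
    "$(printf '%s\n' "$NSS_PASSWD" | shadowed_names | tr '\n' ' ')"
if printf '%s\n' "$LDAP_PASSWD" | local_matches_ldap alice 1001; then
    echo "planned local uid 1001 for alice matches LDAP uidNumber"
else
    echo "planned local uid 1001 for alice does NOT match LDAP uidNumber; fix before vipw"
fi
```

On a real host, replace the two constructed variables with `getent passwd` and the LDAP export; the report's last line tells you whether the local entry you are about to write with vipw will keep the uid stable or shift ownership of the user's files.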