Can't add local user on system using ldap auth for samba [closed]
Solution 1:
My last answer was bad, ignore that.
I believe your only option is manual editing of /etc/passwd (vipw is preferred because it saves you from your own mistakes). The -o option allows you to create multiple names for one UID, but there isn't an equivalent option for telling passwd to ignore the name already existing when it performs an NSS lookup.
getent passwd will show you how the uids cascade once you've added the user; the first entry wins. Make sure the uid is identical to avoid issues with shifting permissions. (Your examples did not include -u syntax.)
Solution 2:
Neither of these two workarounds is optimum, but they do give sysadmins a way of moving forward if they find themselves in the sticky situation where LDAP and the local passwd file are blocking each other.
Workaround 1: I created a local user with a different UID (username) to give ssh access to a person who already had an LDAP/Samba entry. Possibly the cheesiest sysadmin solution I've done in years.
Workaround 2: A little more complicated but comes down to adding the local user with the same uidNumber as in LDAP.
- Look up LDAP uidNumber with getent, ldapsearch, or smbldap-usershow
- Temporarily disable the user in LDAP in order to add the local user without conflicts
- Create the local account matching the uidNumber with LDAP
- Re-enable the user in LDAP
Both of these work, but neither addresses the underlying issue of allowing the authentication to use LDAP exclusively for Samba auth and /etc/passwd for local auth. But in the absence of another solution, this will have to do.
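Both answers depend on the local UID matching the LDAP uidNumber once an account exists in both places. The following check is an added example, not part of either answer: it compares two passwd-format listings and flags names whose UIDs differ. The sample data is constructed, and the `getent -s ldap passwd` source named in the comments assumes the NSS service is called "ldap".

```python
"""Report account names defined both locally and in LDAP, and flag UID mismatches."""

# Constructed sample data in passwd(5) format. On a real host the first would be
# /etc/passwd and the second the LDAP view, e.g. `getent -s ldap passwd`
# (the NSS service name "ldap" is an assumption; it may be "sss" on your system).
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice (local):/home/alice:/bin/bash
bob:x:1002:1002:Bob (local):/home/bob:/bin/bash
"""
LDAP_PASSWD = """\
alice:*:10001:513:Alice:/home/alice:/bin/false
bob:*:1002:513:Bob:/home/bob:/bin/false
carol:*:10003:513:Carol:/home/carol:/bin/false
"""

def parse_passwd(text):
    """Return {name: uid}, keeping the first entry per name (first entry wins)."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):  # comments, compat entries
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed line: skip rather than guess
        entries.setdefault(fields[0], int(fields[2]))
    return entries

def find_overlaps(local_text, ldap_text):
    """Return sorted (name, local_uid, ldap_uid, status) for names in both sources."""
    local, ldap = parse_passwd(local_text), parse_passwd(ldap_text)
    rows = []
    for name in sorted(local.keys() & ldap.keys()):
        status = "ok" if local[name] == ldap[name] else "MISMATCH"
        rows.append((name, local[name], ldap[name], status))
    return rows

if __name__ == "__main__":
    for name, l_uid, d_uid, status in find_overlaps(LOCAL_PASSWD, LDAP_PASSWD):
        print(f"{name}: local uid={l_uid} ldap uid={d_uid} -> {status}")
```

A MISMATCH row means files owned by that name resolve to a different account depending on which source answers first, which is the permission shift the first answer warns about.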