[Bug 721514] [NEW] Samba should be more selective when importing accounts

[Etienne Goyer]

Public bug reported:

Binary package hint: samba

The Samba postinst maintainer script systematically import all account
with uid >= 1000.  This is so that user account and such have
corresponding Samba account.  In most case, this is a good thing and
make.  However, where the machine has been configured with a network
directory as the source of user account (ie, using nss_ldap), this may
not be desirable.  Especially if the network directory host a large
number of user accounts, this could be very wasteful.

The behavior of the account import is preseedable with the
samba/generate_smbpasswd debconf template.  This is good, but it's an
either/or proposition.

Perhaps it would be better if we where only importing local users (those
listed in /etc/passwd)?  We could do that by specifying the compat
service to getent ("-s compat") in the samba.postinst maintainer script,
such as:

if [ "${GENERATE_SMBPASSWD}" = "true" -a ! -e /var/lib/samba/passdb.tdb -a ! -e /etc/samba/smbpasswd ]; then
        getent -s compat passwd | mksmbpasswd > /etc/samba/smbpasswd
        pdbedit -i smbpasswd -e tdbsam -d 0
        rm /etc/samba/smbpasswd
fi


I guess the implication owuld need to be considered, and the first thing is to decide whether there is a good reason to import the non-local account in Samba.

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
https://bugs.launchpad.net/bugs/721514

Title:
  Samba should be more selective when importing accounts