7.2 Background

The term Stand-alone Server means that it will provide local authentication and access control for all resources that are available from it. In general this means that there will be a local user database. In more technical terms, it means resources on the machine will be made available in either SHARE mode or in USER mode.

No special action is needed other than to create user accounts. Stand-alone servers do not provide network logon services. This means that machines that use this server do not perform a domain logon to it. Whatever logon facility the workstations are subject to is independent of this machine. It is, however, necessary to accommodate any network user so the logon name they use will be translated (mapped) locally on the Stand-alone Server to a locally known user name . There are several ways this can be done.

Samba tends to blur the distinction a little in respect of what is a Stand-alone Server. This is because the authentication database may be local or on a remote server, even if from the SMB protocol perspective the Samba server is not a member of a domain security context.

Through the use of Pluggable Authentication Modules (PAM) and the name service switcher (NSSWITCH), which maintains the UNIX-user database) the source of authentication may reside on another server. We would be inclined to call this the authentication server. This means that the Samba server may use the local UNIX/Linux system password database ( /etc/passwd or /etc/shadow ), may use a local smbpasswd file, or may use an LDAP backend, or even via PAM and Winbind another CIFS/SMB server for authentication.