SURS, machine accounts, etc... [was Re: Inoltra: Re: Why machines in passwd anyway?]

Peter Samuelson peter at cadcamlab.org
Tue Aug 22 05:34:59 GMT 2000


[Adam Williams <awilliam at whitemice.org>]
> I'm mostly just a lurker but I don't see how a search of /etc/passwd
> (or nss at least) can be avoided.

For user accounts, yes, we need to look up the NSS entry.  But for NT
domain trust accounts, IMHO, we do not.  And that's what we're talking
about here, as Paul has said.  The trust account only needs to store
three things [well, I may be simplifying a bit]: client name, password,
and RID.  The first two are already in the smbpasswd file -- why not
the third as well?

The notion of calculating the RID from the UID, as opposed to just
putting a unique one in the smbpasswd store and always using *that*,
has another potential problem.  What if we're a BDC?  In that case we
don't have any control over the RID; we have to use what the PDC tells
us.  Obviously we have to cache this value ... but where?  I don't know
how Samba-TNG resolves this issue but to me the obvious place is the
smbpasswd file, where all the other DC information is already.

Peter
