Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?]

Peter Samuelson peter at cadcamlab.org
Tue Aug 8 08:35:44 GMT 2000


[Paul Jansen <vlaero at yahoo.com.au>]
> It seems to me that FreeBSD doesn't like login names with a '$' in
> them.  Is it possible to somehow add the required NT machine account
> (machinename$) to a FreeBSD system so as to allow login from an NT
> workstation to a SAMBA controlled Domain?

This brings up a nagging question I've had for a while.

Why does Samba insist that every member machine be in /etc/passwd (or
reachable via getpwnam(), if you use nsswitch)?  Can this be changed?

Obviously it isn't using the password, shell or home directory fields.
I don't think it needs the GECOS field either.

That leaves the UID and GID fields.  But why?  Samba doesn't ever need
to `become' the machine account user, does it?

The only thing I can think of is that Samba is using the passwd file to
reserve UID numbers so it can use them for RIDs.  Is this the case?  In
this case, I would think it would be faster and not much harder for
smbpasswd to generate RIDs from somewhere else, like a smb.conf
parameter:

  trust account rids = 50000-50999

I guess what bothers me is the duplication of information.  For regular
users, I agree that they need to be in /etc/passwd as well as
smbpasswd, but machine accounts shouldn't have to appear both places.
More to the point, administrators shouldn't have to put them in both
places.

Peter

