Why machines in passwd anyway? [was Re: NT machine accounts in FreeBSD?]

Simo Sorce simo.sorce at polimi.it
Tue Aug 8 11:52:16 GMT 2000 

Peter Samuelson wrote:
> 
> [Paul Jansen <vlaero at yahoo.com.au>]
> > It seems to me that freeBSD doesn't like login names with a '$' in
> > them.  Is it possible to somehow add the required NT machine account
> > (machinename$) to a FreeSD system so as to allow login from and NT
> > workstation to a SAMBA controlled Domain?
> 
> This brings up a nagging question I've had for awhile.
> 
> Why does Samba insist that every member machine be in /etc/passwd (or
> reachable via getpwnam(), if you use nsswitch)?  Can this be changed?
> 
> Obviously it isn't using the password, shell or home directory fields.
> I don't think it needs the GECOS field either.
> 
> That leaves the UID and GID fields.  But why?  Samba doesn't ever need
> to `become' the machine account user, does it?
> 
> The only thing I can think of is that Samba is using the passwd file to
> reserve UID numbers so it can use them for RIDs.  Is this the case?  In
> this case, I would think it would be faster and not much harder for
> smbpasswd to generate RIDs from somewhere else, like a smb.conf
> parameter:
> 
>   trust account rids = 50000-50999
> 
> I guess what bothers me is the duplication of information.  For regular
> users, I agree that they need to be in /etc/passwd as well as
> smbpasswd, but machine accounts shouldn't have to appear both places.
> More to the point, administrators shouldn't have to put them in both
> places.
> 
> Peter

I think you got a point I've questioned myself about many time.
I else think machine names really do not belong to passwd, plus I think
onthefly RID/SID generation is really UGLY. Isn't it possible to
genberate this items once and put the in smbpasswd as for UID and
Passwords(NT/LM)??
This would help also in migration from Real PDC as we can set manually
SIDs and RIDs if needed, is this sensless?

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!

More information about the samba-ntdom mailing list