samba-tng-alpha-1.0.tar.gz

Aaron D. Brooks abrooks at css.tayloru.edu
Sat Mar 18 02:18:10 GMT 2000 

On Sat, 18 Mar 2000, Seth Vidal wrote:

> > you _cannot_ have the same username as a groupname or vice-versa on the
> > unix side.
> > 
> > if you do, the lookups from unix names to nt names will fail, because nt
> > namespace is expected to be unique, therefore login and access _will_ also
> > fail.
> > 
> > nt namespace uses unique names amongst users, groups, aliases and domains.
> > a name is resolved to a SID _and_ a type, therefore must be unique in
> > order to do this.
> > 
> > check your /etc/group and /etc/passwd: make sure that all non-unique names
> > are mapped to unique nt names, using the domain user/group/alias/builtin
> > map options.
> 
> This is going to hit A LOT of people - especially debian and redhat users.
> Redhat and debian setup usergroups by default (user and group name are the
> same and is the default group for the user) - this will mean A LOT of
> munging passwd and group files.
> is there anyway around this?
> ugh.

IEEEE!!!! I hope there is a way around this... I just finished a _very_
involved (and pretty sweet) system of NETBIOS aliased virtual servers that
use heavy macro expansion on their name to do stuff like:

[public_html]
        copy = root

	comment = %L %S directory

        force user = %L
        force group = %L

        path = %H/%S
        force create mode = 0755
        force directory mode = 0755

        read list = @users
        write list = root, @%L-prof, @%L-web
        valid users = root, @users

Actually this is slightly modified... some of the above lines actually
appear in the "root" share. (about half of them) but just so you can see
what's happening. This allows me to be pretty flexible. All I do to give
someone access to a share is add them to a UNIX group. We do a lot of
projects where people work both on the UNIX (mostly Linux) and the NT side
of things pretty evenly and having one point of maintenance is _really_
important. Please say that this can be worked around, _please_.......

(stupid NT monolithic namespace!!!!)

-Aaron

+------->
Aaron D. Brooks,  765 . 998 . 5168
Computing Systems Resource Manager
Taylor University,  CSS Department
abrooks [SHIFT"2"] css.tayloru.edu

More information about the samba-ntdom mailing list