CVS update: samba/source

Jeremy Allison jallison at whistle.com
Thu Mar 26 18:02:51 GMT 1998


Jean-Francois Micouleau wrote:
> 
> On Thu, 26 Mar 1998, Luke Kenneth Casson Leighton wrote:
> 
> > workstation should be the default.  server is reserved, i believe, for
> > Backup Domain Controllers.  the majority of machines are going to be
> > ordinary workstations (ACB_WKSTRUST).
> 
> Servers ? I think there are BDC, file servers, and trust relationships ?
> 

Luke, you are correct. Sorry for that bug. I will remove 
the code in the new smbpasswd that allows selection of 
ACB_SVRTRUST and replace it with ACB_WSTRUST.

> 
> I think it's time to split the smbpasswd file for users and machines and
> make two distinct files.
> 

Well I had a long discussion with Andrew about this.

We came to the conclusion that we can't do this yet (even
though I originally wanted to).

The reason is that NT machines enumerating accounts
expect to see machine accounts as well as user accounts.

It would complicate things somewhat if we had a separate
machine account file - a lot of the security code would
get more complicated. I'd like to revisit doing this
a little later, but for now it's much more convenient
to leave the machine accounts in the smbpasswd file.


> (have to check the code) but if you create uid for machines, people will
> tend to be lost.
> 

Right now my 'new machine' code starts counting down
from MAX(((unsigned)(sizeof(uid_t))/2 - 1) (to get around
signed/unsigned issues) and so shouldn't overlap with allocated
unix uids. Another big question - do we want to insist
that machine accounts have matching UNIX accounts (I'd
like to - as I trust the unix account database method
much more than the NT one) - what do people think?

> > don't forget that we really actually need to add two more fields: a user
> > RID and a Primary Group RID, in _addition_ to the unix uid in the
> > smbpasswd file.
> >

Nope I disagree with this. We just need a mapping function
from unix uid to NT RID, and the primary group rid should
be handled by mapping the unix primary gid to an NT RID.

> > if these are not added, then by default there should exist a "unix
> > uid/gid" <-> "NT user RID / group RID" function, which we have already
> > agreed should be based on the NT Posix mapping system (NT User RID = unix
> > uid + 0x100000; NT Group RID = unix gid + 0x200000" i think).
> 

We should use the Softway OpenNT system. The only
problem is on unixes where sizeof(uid_t) == 2 - which
is lots of them I think. We really need a 32 bit RID
type.

> There is something else with groups while we are at it.
> 
> In English version of NT: Domain admins group
> In French version: Administrateurs du domaine.
> 
> We will need a new small text file a la username mapping, to map the
> domain group RID to the corresponding name
> 

Why can't we use the unix /etc/group file for this (although
in practice I think you're probably right - we need one to
map stuff like 'Administrators' -> 'wheel' etc.)?

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
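
The additive unix id to NT RID mapping discussed in this message, as an added example that is not part of the original e-mail or of Samba's code. The 0x100000 and 0x200000 offsets are the values quoted tentatively in the thread; `nt_rid_t` and the function names are hypothetical. It uses a 32-bit RID type and rejects ids that would alias into the other range or wrap around.

```c
#include <stdint.h>
#include <stdio.h>

/* Offsets as quoted (tentatively) in the thread; assumptions, not Samba's. */
#define USER_RID_BASE  0x100000u
#define GROUP_RID_BASE 0x200000u

typedef uint32_t nt_rid_t;  /* hypothetical 32-bit RID, independent of sizeof(uid_t) */
enum rid_kind { RID_INVALID = 0, RID_USER, RID_GROUP };

/* uid -> user RID. Fails (-1) when uid + USER_RID_BASE would reach the
 * group range, where it would be indistinguishable from a group RID. */
int uid_to_rid(uint32_t uid, nt_rid_t *rid)
{
    if (uid >= GROUP_RID_BASE - USER_RID_BASE)
        return -1;
    *rid = USER_RID_BASE + uid;
    return 0;
}

/* gid -> group RID. Fails (-1) when the addition would wrap 32 bits. */
int gid_to_rid(uint32_t gid, nt_rid_t *rid)
{
    if (gid > UINT32_MAX - GROUP_RID_BASE)
        return -1;
    *rid = GROUP_RID_BASE + gid;
    return 0;
}

/* Reverse mapping: classify a RID and recover the unix id. RIDs below
 * USER_RID_BASE are never produced by this scheme and are rejected. */
enum rid_kind rid_to_unix(nt_rid_t rid, uint32_t *id)
{
    if (rid >= GROUP_RID_BASE) { *id = rid - GROUP_RID_BASE; return RID_GROUP; }
    if (rid >= USER_RID_BASE)  { *id = rid - USER_RID_BASE;  return RID_USER; }
    return RID_INVALID;
}

int main(void)
{
    nt_rid_t r = 0;
    /* Constructed sample ids. */
    if (uid_to_rid(1000, &r) == 0)
        printf("uid 1000 -> RID 0x%x\n", (unsigned)r);
    printf("uid 0x100000 accepted: %s\n", uid_to_rid(0x100000u, &r) == 0 ? "yes" : "no");
    return 0;
}
```

With these offsets the user range holds only 0x100000 ids before it meets the group range, so a uid at or above that value is refused.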

