Long machine names...

Tim Winders twinders at SPC.cc.tx.us
Thu May 21 16:46:03 GMT 1998


On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:

> > > 1) use a mangling system
> > > 2) map all $ accounts to "nobody"
> > 
> > Why is #2 "nasty".
> 
> it destroys jeremy's wish to see all NT accounts with an equivalent unix
> account.

Well, I don't see how this can ever happen with a maximum possible machine
name of 16 characters...
 
> the "map username" (or map trust accounts to guest) can be seriously
> abused...

OK, we are talking ONLY about machine names here.  In an NT domain, what
EXACTLY are machine names used for?  I thought (on NT) you could only JOIN
the domain if the machine already has an account in the domain.  After
that, all the trusts etc are handled by the DC.  IF this is the case, what
does it matter if we map machine names to nobody, especially since the
machine names must be added manually now... In the future, when the add
machine to domain code is working, this should only be done by a member of
the domain admins = parameter.  *I* don't see a security issue here... 

=== Tim

---------------------------------------------------------------------
|  Tim Winders, CNE, MCSE        |  Email:  TWinders at SPC.cc.tx.us   |
|  Network Administrator         |  Phone:  806-894-9611 x 2369     |
|  South Plains College          |  Fax:    806-897-4711            |
---------------------------------------------------------------------




More information about the samba-technical mailing list