Long machine names...
Tim Winders
twinders at SPC.cc.tx.us
Thu May 21 17:58:56 GMT 1998
On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:
> > OK, we are talking ONLY about machine names here. In an NT domain, what
> > EXACTLY are machine names use for?
>
> please refer to them as "trust accounts". it will help you understand
> what they are.
OK, trust accounts...
> > I thought (on NT) you could only JOIN
> > the domain if the machine already has an account
>
> (a trust account)
>
> > in the domain.
>
> correct. actually, if you type in the admin user/pass, you can get a
> workstation trust account created _at_ the time you attempt to join the
> domain. not yet possible with samba, so you manually add using "smbpasswd
> -a -m machine_name".
Yes, I knew both of these facts.
> > After
> > that, all the trusts etc are handled by the DC. IF this is the case, what
> > does it matter if we map machine names to nobody,
>
> IMHO, not really, as _long_ as the underlying database maintains a unique
> RID for each account (including trust accounts).
>
> this is where jeremy really wants unix accounts to be created on a
> per-workstation basis, so that a monotonic mapping can be maintained
> between unix uid and NT rid.
Are there any restrictions on rid numbers? A typical unix system cannot
have a uid larger than 65534 (or something like that). If the key is to
keep rids unique, why not have samba generate the rid using a number that
is greater than the largest possible uid? If you do that, you don't have
to worry about duplicate uid/rid conficts etc. I am sure I am missing
something here and you/jeremy will point it out...
=== Tim
---------------------------------------------------------------------
| Tim Winders, CNE, MCSE | Email: TWinders at SPC.cc.tx.us |
| Network Administrator | Phone: 806-894-9611 x 2369 |
| South Plains College | Fax: 806-897-4711 |
---------------------------------------------------------------------
More information about the samba-technical
mailing list