Long machine names...

Tim Winders twinders at SPC.cc.tx.us
Thu May 21 17:58:56 GMT 1998

On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:

> > OK, we are talking ONLY about machine names here.  In an NT domain, what
> > EXACTLY are machine names use for?
> please refer to them as "trust accounts".  it will help you understand
> what they are.

OK, trust accounts...
> >  I thought (on NT) you could only JOIN
> > the domain if the machine already has an account
> (a trust account)
> > in the domain.
> correct.  actually, if you type in the admin user/pass, you can get a
> workstation trust account created _at_ the time you attempt to join the
> domain.  not yet possible with samba, so you manually add using "smbpasswd
> -a -m machine_name".

Yes, I knew both of these facts.
> >  After
> > that, all the trusts etc are handled by the DC.  IF this is the case, what
> > does it matter if we map machine names to nobody,
> IMHO, not really, as _long_ as the underlying database maintains a unique
> RID for each account (including trust accounts).
> this is where jeremy really wants unix accounts to be created on a
> per-workstation basis, so that a monotonic mapping can be maintained
> between unix uid and NT rid.

Are there any restrictions on rid numbers?  A typical unix system cannot
have a uid larger than 65534 (or something like that).  If the key is to
keep rids unique, why not have samba generate the rid using a number that
is greater than the largest possible uid?  If you do that, you don't have
to worry about duplicate uid/rid conficts etc.  I am sure I am missing
something here and you/jeremy will point it out... 

=== Tim

|  Tim Winders, CNE, MCSE        |  Email:  TWinders at SPC.cc.tx.us   |
|  Network Administrator         |  Phone:  806-894-9611 x 2369     |
|  South Plains College          |  Fax:    806-897-4711            |

More information about the samba-technical mailing list