Long machine names...
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu May 21 17:57:56 GMT 1998
On Thu, 21 May 1998, Tim Winders wrote:
> On Thu, 21 May 1998, Luke Kenneth Casson Leighton wrote:
>
> > > OK, we are talking ONLY about machine names here. In an NT domain, what
> > > EXACTLY are machine names used for?
> >
> > please refer to them as "trust accounts". it will help you understand
> > what they are.
>
> OK, trust accounts...
>
> > > I thought (on NT) you could only JOIN
> > > the domain if the machine already has an account
> >
> > (a trust account)
> >
> > > in the domain.
> >
> > correct. actually, if you type in the admin user/pass, you can get a
> > workstation trust account created _at_ the time you attempt to join the
> > domain. not yet possible with samba, so you manually add using "smbpasswd
> > -a -m machine_name".
>
> Yes, I knew both of these facts.
>
> > > After
> > > that, all the trusts etc are handled by the DC. IF this is the case, what
> > > does it matter if we map machine names to nobody,
> >
> > IMHO, not really, as _long_ as the underlying database maintains a unique
> > RID for each account (including trust accounts).
> >
> > this is where jeremy really wants unix accounts to be created on a
> > per-workstation basis, so that a monotonic mapping can be maintained
> > between unix uid and NT rid.
>
> Are there any restrictions on rid numbers?

there are some well-known RIDs that you must not use. other than that,
nope - full 32 bit range.

> A typical unix system cannot
> have a uid larger than 65534 (or something like that). If the key is to
> keep rids unique, why not have samba generate the rid using a number that
> is greater than the largest possible uid? If you do that, you don't have
> to worry about duplicate uid/rid conflicts etc. I am sure I am missing
> something here and you/jeremy will point it out...

yes: you need a mapping function.
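
The mapping-function point above, as an added example that is not part of the original message and is not Samba's own code: a reversible, monotonic uid/gid-to-RID mapping that keeps clear of the well-known RIDs and stays inside the 32-bit range. The base of 1000, the even/odd split between users and groups, and all function and constant names are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for this illustration: RIDs below 1000 are left to the
 * well-known accounts (e.g. 500 Administrator, 501 Guest, 512 Domain Admins). */
#define RID_BASE        1000u
#define RID_TYPE_USER   0u   /* even offset: user or workstation trust account */
#define RID_TYPE_GROUP  1u   /* odd offset: group */

/* Largest unix id whose mapped RID still fits in 32 bits. */
#define MAX_MAPPABLE_ID ((UINT32_MAX - RID_BASE - 1u) / 2u)

/* unix id -> RID. Monotonic within each type, and user and group RIDs
 * never collide. Returns false if the id cannot be represented. */
static bool id_to_rid(uint32_t id, unsigned type, uint32_t *rid)
{
    if (type > RID_TYPE_GROUP || id > MAX_MAPPABLE_ID)
        return false;
    *rid = RID_BASE + id * 2u + type;
    return true;
}

/* RID -> unix id. Well-known RIDs are refused so they can never be
 * mistaken for a mapped unix account. */
static bool rid_to_id(uint32_t rid, uint32_t *id, unsigned *type)
{
    if (rid < RID_BASE)
        return false;
    *type = (rid - RID_BASE) & 1u;
    *id   = (rid - RID_BASE) / 2u;
    return true;
}

int main(void)
{
    /* Constructed sample: a trust account backed by unix uid 65534. */
    uint32_t rid, id;
    unsigned type;

    if (!id_to_rid(65534u, RID_TYPE_USER, &rid) || !rid_to_id(rid, &id, &type))
        return 1;
    printf("uid 65534 -> rid %u -> uid %u (type %u)\n",
           (unsigned)rid, (unsigned)id, type);
    printf("rid 500 mappable: %s\n", rid_to_id(500u, &id, &type) ? "yes" : "no");
    return 0;
}
```

Picking RIDs above the largest uid would keep them unique, but the server still has to get from a RID back to the unix account, which is what the inverse function provides.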