mapping from NT users to Unix users. question.
Steve Langasek
vorlon at netexpress.net
Tue Jan 18 02:49:24 GMT 2000
On Tue, 18 Jan 2000, S. Striker wrote:
> I guess I would prefer that if a user logs on he gets his NTUser home
> share. Otherwise people run to the administrator telling him there
> is somekind of security breach and that they can access someone else's
> files. ;-)
> You can't explain this behaviour to users... They just don't get it.
> It gets worse if you are confronted with new users every year. This is
> the case on a lot of universities and believe me, they're running
> Samba.
Seems easy enough to explain to me: "The name of your home directory on the
network has nothing to do with your username; it's not a security problem;
don't worry about it." I also can't picture lots of users sounding the
security alarms because their NT home directory isn't based off of their
username. Most users, IMHO, are likely to a) not care, or b) be
comfortable/familiar enough with NT to not be surprised by this sort of thing.
> Anyhow, a better argument would be that it is not the behaviour of a
> NT Server... which is what you are trying to match. ;-)
If the NT server were guaranteed to always return \\server\NTusername as the
home directory of a user, then there would be nothing to discuss, because the
client would never bother to *ask* where the homedir is. As it stands, the
client does ask, which gives Samba a fair amount of leeway in terms of the
answer it gives.
> > i have a slight issue to consider. when giving out home directories, a
> > user logs in as "NTuser" and gets mapped to "unixuser", i wonder if it's
> > better to return \\server\unixuser as the home directory instead of
> > \\server\ntuser.
> > the reason is that it will make life a _lot_ simpler when it comes to
> > accessing smbd. i won't have to do _any_ nt to unix mapping to create the
> > [homes] section.
The traditional value of the [homes] share, as I understand it, has been in
providing an easy way to access the home directories of existing *unix* users.
Using NT users instead would break backwards compatibility within Samba.
Moreover, it sounds to me like using NT usernames for the [homes] share will
add unneeded complexity to the code, which is a bad idea, IMO. :)
-Steve Langasek
postmodern programmer
More information about the samba-technical
mailing list