mapping from NT users to Unix users. question.

Luke Kenneth Casson Leighton lkcl at samba.org
Tue Jan 18 05:08:31 GMT 2000 

ok, i thought about this a bit.  i can't just assume that the home
directory returned from an NT PDC is going to be valid.

are NT admins going to map NT user home directories to unix names?

probably not!

soo... i really should be the one doing the mapping.

oh well.


On Tue, 18 Jan 2000, Steve Langasek wrote:

> On Tue, 18 Jan 2000, S. Striker wrote:
> 
> > I guess I would prefer that if a user logs on he gets his NTUser home
> > share. Otherwise people run to the administrator telling him there
> > is somekind of security breach and that they can access someone else's
> > files. ;-)
> > You can't explain this behaviour to users... They just don't get it.
> > It gets worse if you are confronted with new users every year. This is
> > the case on a lot of universities and believe me, they're running
> > Samba.
> 
> Seems easy enough to explain to me: "The name of your home directory on the
> network has nothing to do with your username; it's not a security problem;
> don't worry about it."  I also can't picture lots of users sounding the
> security alarms because their NT home directory isn't based off of their
> username.  Most users, IMHO, are likely to a) not care, or b) be
> comfortable/familiar enough with NT to not be surprised by this sort of thing.
> 
> > Anyhow, a better argument would be that it is not the behaviour of a
> > NT Server... which is what you are trying to match. ;-)
> 
> If the NT server were guaranteed to always return \\server\NTusername as the
> home directory of a user, then there would be nothing to discuss, because the
> client would never bother to *ask* where the homedir is.  As it stands, the
> client does ask, which gives Samba a fair amount of leeway in terms of the
> answer it gives.  
> 
> > > i have a slight issue to consider.  when giving out home directories, a
> > > user logs in as "NTuser" and gets mapped to "unixuser", i wonder if it's
> > > better to return \\server\unixuser as the home directory instead of
> > > \\server\ntuser.
> 
> > > the reason is that it will make life a _lot_ simpler when it comes to
> > > accessing smbd.  i won't have to do _any_ nt to unix mapping to create the
> > > [homes] section.
> 
> The traditional value of the [homes] share, as I understand it, has been in
> providing an easy way to access the home directories of existing *unix* users.
> Using NT users instead would break backwards compatibility within Samba.
> Moreover, it sounds to me like using NT usernames for the [homes] share will
> add unneeded complexity to the code, which is a bad idea, IMO. :)
> 
> -Steve Langasek
> postmodern programmer
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

More information about the samba-technical mailing list