PASSDB: local and domain accounts

Gerald Carter gcarter at valinux.com
Wed Nov 15 21:41:15 GMT 2000 

Simo Sorce wrote:
> 
> > ok.  Think for a second.  Have I ever advocated the removal
> > of Samba's dependence on UNIX uids?  Nope.  :) btw...that
> > proposal is being discussed on tng-technical right now
> > if anyone is interested.
> 
> Excuse me, maybe I was not clear on this point.
> Idon't know english as I wish :(

No.  You're fine. :-)  No offense intended.  Sorry.

> I know uids does not need to be present in passwd to 
> be used (passwd and the hole name mapping is only a 
> user space thing, kernel and fs understands only uid 
> and gid...) what I mean is that you should have system 
> passwd and samba passwd always in sync or user managment 
> would be difficult. seeing jerry or simo as file owner 
> is clear but seeing 26503 and 25063 numeric uids is not!
> :)

I agree completely.  That is where I was bringing up the
need for a nss_passdb.so module.  It would handle 
mapping the uid to a user for getpwuid() calls.


> probably we think the same thing but my english 
> makes things difficult, sorry :(

Don't aplogize.  No reason for it.  I'm glad to 
took the time to respond.  :-)


> If I understand you propose to use winbind for domain users 
> but not for local (stored in passdb).

Yes.

> Also passdb stores users that does not exist on system 
> and need free uid. So a samba server that has local 
> samba account + domain accounts from a PDC should have 
> a free range of uids for local passdb and another one for
> domain users.

This is true if the the passdb and winbind modules 
could not use the same name<->uid mapping TDB.  I've not been
able to determine whether or not this is possible.  Lack 
of time so far I'm afraid. :-\

If both the passdb and winbind modules could share a single
TDB for the mapping, then you could ideally only allocate one
block of uids/gids.  However, this is not really a big deal
if you have to specify two different blocks.






Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter at valinux.com
       http://www.samba.org/       SAMBA Team          jerry at samba.org
       http://www.plainjoe.org/                     jerry at plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list