More proposed passdb changes: users without local unix uids.

Jeremy Allison jra at samba.org
Tue Jan 8 10:01:08 GMT 2002


On Tue, Jan 08, 2002 at 05:12:02PM +1100, Andrew Bartlett wrote:
> Make pdb_add_sam_account() and pdb_update_sam_account() refill their
> buffers
> 
> I'm looking into some various changes to the passdb code - the item of
> interest to me at the moment is finally killing off the machine trust
> accounts in /etc/passwd (but I'm looking at crazy ideas about users not
> in /etc/passwd as well).
> 
> As such I've made some modifications to the smbpasswd code so that it
> can store users without an /etc/passwd entry.  This is done by using the
> uids above 6000 and converting them to rids in line with existing
> practice.
> 
> Of course the uid field never makes it to the SAM_ACCOUNT struct, but
> this method is backward-compatible (as far as I can tell) because the
> smbpasswd format is unchanged (unless you are a site with over 6000
> users in smbpasswd, and I highly doubt there are any, given the
> performance problems).

I'm concerned about this. The reason is that on many
sites the users are not allocated in a linear fashion.

You can't just assume that users over 6000 are "safe".

I'd resist creating users in smbpasswd that don't exist
in /etc/passwd. Please don't check this code in yet.

Jeremy.
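
A check for the collision raised in the reply above, as an added example that is not part of the original thread or of Samba's code: it flags smbpasswd-only entries whose uid is already owned by a real /etc/passwd user, and lists Unix users already sitting in the range the proposal treats as free. The sample files are constructed, and the rid formula (uid*2 + 1000) is an assumption about the "existing practice" the proposal mentions.

```python
RESERVED_BASE = 6000  # threshold taken from the proposal quoted above

# Constructed sample data; password hashes are blanked out with X.
H = "X" * 32
PASSWD = """root:x:0:0:root:/root:/bin/sh
alice:x:1001:100::/home/alice:/bin/sh
bob:x:6002:100::/home/bob:/bin/sh
"""
SMBPASSWD = f"""alice:1001:{H}:{H}:[U          ]:LCT-00000000:
WKSTN1$:6001:{H}:{H}:[W          ]:LCT-00000000:
WKSTN2$:6002:{H}:{H}:[W          ]:LCT-00000000:
"""

def parse_uids(text, uid_field):
    """Map account name -> uid for colon-separated passwd-style text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        try:
            entries[fields[0]] = int(fields[uid_field])
        except (IndexError, ValueError):
            continue  # skip malformed lines rather than guess
    return entries

def uid_to_rid(uid):
    # Assumption: algorithmic mapping, not stated on the page.
    return uid * 2 + 1000

def unix_users_in_reserved_range(passwd_text, base=RESERVED_BASE):
    """Real Unix accounts whose uid is already above the 'free' threshold."""
    unix = parse_uids(passwd_text, 2)  # passwd: name:pw:uid:...
    return sorted(name for name, uid in unix.items() if uid > base)

def collisions(passwd_text, smbpasswd_text):
    """smbpasswd-only entries sharing a uid (hence a rid) with a Unix user."""
    unix = parse_uids(passwd_text, 2)
    smb = parse_uids(smbpasswd_text, 1)  # smbpasswd: name:uid:LM:NT:...
    owner = {uid: name for name, uid in unix.items()}
    return [(name, uid, owner[uid], uid_to_rid(uid))
            for name, uid in sorted(smb.items())
            if name not in unix and uid in owner]

if __name__ == "__main__":
    print("Unix users above base:", unix_users_in_reserved_range(PASSWD))
    for smb_name, uid, unix_name, rid in collisions(PASSWD, SMBPASSWD):
        print(f"{smb_name} and {unix_name} share uid {uid} (rid {rid})")
```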



