(no subject)

[Andrew Bartlett]

"McIntosh, Qi" wrote:
> 
> Hi,
> I am new to samba and CIFS. I am just trying to learn and understand how
> samba/CIFS works. I saw some of the discussion about users without local
> uid, but I also remember that samba support a client access file share on a
> Samba server without having a account on the host Unix machine.
> I am confused...

Well, the 'non-unix-account' stuff I've been going on about is a bit
weird.  There are parts of the protocol where we do things like lookup
users and authorised logins, but we don't need to actually *become* that
user.  

For cases where we need to do that (and I havn't coded this yet) I'll
have some kind of 'map to guest' option.  Probably 'map to guest = non
unix account'.

> So reading the code of Samba head.  When ADS, kerberos are enabled,  how
> does Samba support a client "session setup" request while the client doesn't
> have a local account on the samba host?
> I assume that smb_getpwnam() will return NULL if the client doesn't have a
> local account there. right?

Yes.

> If the client has an account in the MS domain, what is the way to get that
> account information over? With NTLM,  NetrSamLogon to the domain controller
> will get some of it, right?  I am guessing that with Active Directory, it
> should be available via LDAP. Am I right?  Is there something I missed?

This is where Samba must be paired with 'winbind'.  Winbind gets this
information from the DC and presents it to the unix getpw* apis.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net