winbind UID, GID assignment

Mike Gerdts Michael.Gerdts at alcatel.com
Thu May 9 12:23:01 GMT 2002


I have just started testing of winbindd, to make it so that NT users may
or may not have UNIX accounts.  I have run into two problems.  I am
fishing for solutions that work for me and others.

1.  UNIX UID/GID assignment

The incremental UNIX UID and GID assignment method seems great for
standalone samba servers or standalone Unix workstations.  When you
introduce NFS it becomes a mess.  To address this, I have hacked up
winbindd to get non-cached UIDs from an Oracle database.  Thus, our
Samba server no longer needs to use NIS, Unix accounts do not need to be
created in advance, and if a Unix account is created at some time, the
UID is consistent with the UID that the user will get at some time.

Would it be useful to make the UID/GID miss code allow for a generic
plugin?  I am thinking of something along the lines of 

    BOOL local_lookup_uid(const char *domain, const char *user, uid_t *uid)
    BOOL local_lookup_gid(const char *domain, const char *user, gid_t *gid)

Those functions would appear in a shared library referenced by a new
configuration option "winbind id library".  This would make it easy for
people to write a few lines of clean code rather than hacking the
internals of winbindd to integrate this with their enterprise.  I
envision the first plugin to be one that is able to read from a flat
file with lines like "domain:user:uid".

Would it be better to just have a tool that can be used to populate the
.tdb file and have winbindd not assign new UIDs or GIDs?


2.  Default GID

It would be useful to be able to create a group mapping so that all
users don't end up creating all their files with a GID of "Domain
Users".  That is, I would like some method to say that bob and sue get
group id 123 when they log in, but frank gets gid 327.

My thought is to do a flat file (domain:user:gid) that gets loaded into
the tdb file, either onesy twosy or in bulk.


Is anyone else working these issues?  Are other solutions in the works? 
Would decent code implementing anything that I mention here be included
in future releases?

Mike
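
The flat "domain:user:uid" map proposed in the message above, as an added example that is not part of the original post or of Samba's code: a strict lookup that refuses malformed, out-of-range and root-mapping entries. The names `map_lookup_uid` and `SAMPLE_MAP`, the UID bounds and the case-insensitive matching are assumptions; a plugin with the proposed `local_lookup_uid` signature would wrap this helper.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MIN_MAPPED_UID 1000UL        /* assumption: lower IDs are reserved for local accounts */
#define MAX_MAPPED_UID 0x7ffffffeUL  /* assumption: keep IDs inside a signed 32-bit range */

/* Constructed sample map, not data from the original post. */
static const char SAMPLE_MAP[] =
    "ENG:bob:12001\n"
    "ENG:sue:12002\n"
    "ENG:mallory:0\n"                    /* would map a domain user to root */
    "ENG:frank:12003junk\n"              /* trailing garbage after the number */
    "SALES:bob:99999999999999999999\n";  /* overflows unsigned long */

/* Hypothetical helper: returns the mapped UID, or -1 if there is no valid entry.
 * The first entry for domain:user decides; a malformed value fails closed. */
long map_lookup_uid(const char *map, const char *domain, const char *user)
{
    size_t dl = strlen(domain), ul = strlen(user);
    if (strpbrk(domain, ":\n") || strpbrk(user, ":\n")) return -1;  /* separator in a name */
    for (const char *line = map, *eol; *line; line = *eol ? eol + 1 : eol) {
        eol = line + strcspn(line, "\n");
        if ((size_t)(eol - line) < dl + ul + 3) continue;  /* too short for "domain:user:N" */
        /* Windows account names are case-insensitive, so compare that way. */
        if (strncasecmp(line, domain, dl) || line[dl] != ':' ||
            strncasecmp(line + dl + 1, user, ul) || line[dl + 1 + ul] != ':')
            continue;
        const char *val = line + dl + ul + 2;
        char *end;
        if (!isdigit((unsigned char)*val)) return -1;  /* strtoul alone accepts "-1", " 5" */
        errno = 0;
        unsigned long v = strtoul(val, &end, 10);
        if (errno || end != eol || v < MIN_MAPPED_UID || v > MAX_MAPPED_UID)
            return -1;
        return (long)v;
    }
    return -1;
}

int main(void)
{
    printf("ENG\\bob -> %ld\n", map_lookup_uid(SAMPLE_MAP, "ENG", "bob"));
    return 0;
}
```

The same parsing applies to the "domain:user:gid" file from section 2, with bounds chosen for group IDs.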
