winbind UID, GID assignment
Andrew Bartlett
abartlet at pcug.org.au
Mon May 13 04:39:24 GMT 2002
Mike Gerdts wrote:
>
> I have just started testing of winbindd, to make it so that NT users may
> or may not have UNIX accounts. I have run into two problems. I am
> fishing for solutions that work for me and others.
>
> 1. UNIX UID/GID assigment
>
> The incremental UNIX UID and GID assigment method seems great for
> standalone samba servers or standalone Unix workstations. When you
> introduce NFS it becomes a mess. To address this, I have hacked up
> winbindd to get non-cached UIDs from an Oracle database. Thus, our
> Samba server no longer needs to use NIS, Unix accounts do not need to be
> created in advance, and if a Unix account is created at some time, the
> UID is consistent with the UID that the user will get at some time.
>
> Would it be useful to make the UID/GID miss code allow for a generic
> plugin? I am thinking of something along the lines of
>
> BOOL local_lookup_uid(const char *domain, const char *user, uid_t *uid)
> BOOL local_lookup_gid(const char *domain, const char *user, gid_t *gid)
The username and domain may not be known at the time a mapping is
required. Thats the easy bit - we might not even know if it is a uid or
gid!
There is more to this whole mess than meets the eye, but yes, we do need
to allow an aribtary SID->uid/gid, uid/gid -> SID backend system.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list