winbindd uid and gid range assumptions
abartlet at pcug.org.au
Mon May 13 15:45:03 GMT 2002
Mike Gerdts wrote:
> It seems as though there was an assumption that users of winbindd would
> have switched entirely to NT domain authentication or that they would
> have distinct range of UIDs/GIDs for /etc/passwd (or NIS) and NT domain.
> Is there any good reason to not just let get_id_from_sid() in
> nsswitch/winbindd_idmap.c do all the checking? It seems as though the
> optimization achieved by the multitude of checks is minimal and greatly
> reduces the chances integration possibilities between winbindd and
> traditional unix authentication.
Moving over the socket is a very expencive operation, particularly
compared to a simple if statement. Also, where we know that a uid is
local, we need to check with code that winbind isn't linked to - the
But yes, we need to deal with things like getting the uid from the SFU
LDAP schema, so this may well change in the future.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical