Handles in the new SAM

Andrew Bartlett abartlet at samba.org
Wed Oct 2 06:57:00 GMT 2002

jra at dp.samba.org wrote:
> On Wed, Oct 02, 2002 at 12:14:37PM +1000, Andrew Bartlett wrote:
> >
> > One of the primary tenants of the 'new SAM' is that it would not attempt
> > to deal with 'what unix id for that'.  This would be left to the 'SMS'
> > (Sid Mapping System') or SID farm, and probably administered via
> > winbind.  We have had constructive discussion on how 'basic' unix
> > accounts like 'root' would be handled, and we think this can work.
> > Accounts not preexisting in unix would be served up via winbind.
> >
> > This is an *optional* part, and my preferred end-game.  We have a fare
> > way to go before things like winbind up to it however.
> Yeah, winbindd doesn't work on all systems and needs a *lot* of
> work before we could depend on this.

vorlan made some comments on #samba-technical that made me think:

When the backend is LDAP (and that's what it will be for the really big
sites) we can use nss_ldap to our advantage here.  No point reinventing
the wheel - just make sure we store data back into the standard LDAP
format (which we would anyway).  And we still have our 'one source of
information', this time the LDAP directory.  I would still propose using
winbind for other backends, but this gets around the nasty case
scaleability issue, anyway.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list