Handles in the new SAM

Andrew Bartlett abartlet at samba.org
Wed Oct 2 06:57:00 GMT 2002


jra at dp.samba.org wrote:
> 
> On Wed, Oct 02, 2002 at 12:14:37PM +1000, Andrew Bartlett wrote:
> >
> > One of the primary tenants of the 'new SAM' is that it would not attempt
> > to deal with 'what unix id for that'.  This would be left to the 'SMS'
> > (Sid Mapping System') or SID farm, and probably administered via
> > winbind.  We have had constructive discussion on how 'basic' unix
> > accounts like 'root' would be handled, and we think this can work.
> > Accounts not preexisting in unix would be served up via winbind.
> >
> > This is an *optional* part, and my preferred end-game.  We have a fare
> > way to go before things like winbind up to it however.
> 
> Yeah, winbindd doesn't work on all systems and needs a *lot* of
> work before we could depend on this.

vorlan made some comments on #samba-technical that made me think:

When the backend is LDAP (and that's what it will be for the really big
sites) we can use nss_ldap to our advantage here.  No point reinventing
the wheel - just make sure we store data back into the standard LDAP
format (which we would anyway).  And we still have our 'one source of
information', this time the LDAP directory.  I would still propose using
winbind for other backends, but this gets around the nasty case
scaleability issue, anyway.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net



More information about the samba-technical mailing list