[PATCH] winbindd use flat files

Josh Durham jdurham at vt.edu
Thu Oct 3 23:01:01 GMT 2002


HISTORY
      I've had a little bit of a dilemma ever since Windows XP SP1 came 
out - roaming profiles that are stored on a Samba server broke.  They 
also broke earlier when Windows 2000 SP2 was released, but that was fixed by 
adding 'nt acl support = no' in the profile's definition.  This option 
(according to previous posts) prevents XP SP1 from using roaming 
profiles.  The reason behind this is the SID returned by the Samba 
server was the SID of the SAMBASERVER\user account, instead of the 
DOMAIN\user account.
      The easy solution was to use winbind.  Winbind will map Domain 
Account SIDs (DOMAIN\user) to UNIX UIDs.   The problem I had with this 
is it dynamically allocates the UNIX UID.  This was unacceptable in my 
situation because we also use NFS, which requires consistent UNIX UIDs 
across different computers.  If we used Winbind, the UIDs are allocated 
on a 'first come, first serve' basis.

SOLUTION
      I hacked winbindd to use 'flat files', such as /etc/passwd and 
/etc/group.  When winbindd gets a request to map a SID to a UID, it 
will now check to see if that account already exists in a flat file.  
If it does, it will map the preexisting UID to the SID.  It does the 
check by seeing if the Windows (user|group)name exists in the 
(passwd|group) file.  If it doesn't find the account, it will do the 
normal dynamic allocation as before.
      The attached patches add three configuration options:
winbind use flat files (G)
This parameter specifies whether winbindd should use flat files to look 
up UIDs, instead of always dynamically allocating them.  If winbindd 
cannot find the UID of the request, it will fall back to the dynamic 
allocation.

Default: winbind use flat files = false

Example: winbind use flat files = true


winbind password file path (G)
This parameter specifies the file it should use to look up user IDs 
when using flat files.  This file has to be a standard UNIX passwd file.

Default: winbind password file path = /etc/passwd

Example: winbind password file path = /etc/global-passwds

winbind group file path (G)
This parameter specifies the file it should use to look up group IDs 
when using flat files.  This file has to be a standard UNIX group file.

Default: winbind password file path = /etc/group

Example: winbind password file path = /etc/global-groups


ISSUES
      This system will fail if it is in a domain with trusts and there 
are accounts with the same name.   I'm not sure exactly what will 
happen, but I'm pretty sure it won't be what you want.


NOTES
I did notice on the Samba 3.0 Roadmap, there is 'hook for utilizing a 
centralized winbindd id map database', and I'm not sure exactly what 
this is.  Or if this may do what was wanted.  It sounds like some sort 
of master (LDAP?) database that all the client winbindds can find a 
UID/GID.   This seemed a little too complex, when all I have to worry 
about now is distributing the passwd/group files to all the winbindd 
computers.  So, I don't expect this to go into the distribution unless 
the team deems it very useful.

BTW, I'm a Sysadmin, not a programmer.  I hope it doesn't show. :)

Attached are two patches.  One is the patch against samba-2.5, and the 
other is against samba-3.0alpha20.  I've tested the samba-2.5 
extensively; I haven't run the samba-3.0 at all, and I'm not even sure it 
compiles.  But the places I modified in 2.5 haven't changed in 3.0 
(except for some new flags in loadparm.c, which I just copied.)

Please comment.  I'd like this to be more useful for other people, but 
it was a way to fix a problem I was having.

- Josh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba2.5-winbind-flat-files.patch
Type: application/octet-stream
Size: 7475 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021003/9d45c81d/samba2.5-winbind-flat-files.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba3.0-winbind-flat-files.patch
Type: application/octet-stream
Size: 7776 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021003/9d45c81d/samba3.0-winbind-flat-files.obj
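
The lookup-then-fallback order described in SOLUTION, and the same-name case raised under ISSUES, as an added example that is not code from the attached patches or from Samba. Assumptions: only the user part of DOMAIN\user is matched against the file, the dynamic range starts at 10000, and the names flat_lookup, map_account and SAMPLE_PASSWD are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in passwd(5) format; not from the original post. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "alice:x:1001:100:Alice:/home/alice:/bin/sh\n"
    "bob:x:1002:100:Bob:/home/bob:/bin/sh\n";

static long next_dynamic_uid = 10000; /* assumed start of the dynamic range */

/* Return the UID recorded for `name` in passwd-format text, or -1. */
long flat_lookup(const char *passwd, const char *name)
{
    size_t nlen = strlen(name);
    /* A name carrying a field or line separator could shift the fields. */
    if (nlen == 0 || strpbrk(name, ":\n")) return -1;
    for (const char *line = passwd; line && *line; ) {
        const char *eol = strchr(line, '\n');
        /* Match the whole first field, so "ali" does not hit "alice". */
        if (strncmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *uid = strchr(line + nlen + 1, ':'); /* skip password */
            if (uid && (!eol || uid < eol) && isdigit((unsigned char)uid[1]))
                return strtol(uid + 1, NULL, 10);
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Map "DOMAIN\user": only the user part is matched against the flat file
   (assumption); names not found there get the next dynamic UID. */
long map_account(const char *passwd, const char *account)
{
    const char *sep = strchr(account, '\\');
    long uid = flat_lookup(passwd, sep ? sep + 1 : account);
    return uid >= 0 ? uid : next_dynamic_uid++;
}

int main(void)
{
    const char *accts[] = { "DOMA\\alice", "DOMB\\alice", "DOMA\\carol" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s -> %ld\n", accts[i], map_account(SAMPLE_PASSWD, accts[i]));
    return 0;
}
```

Under these assumptions DOMA\alice and DOMB\alice both resolve to the UID of the local alice entry, so file ownership and NFS access no longer distinguish the two domain accounts.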

