Bug in HEAD: srv_samr_nt.c and smbgroupedit assume algorithmic RIDs.

Andrew Bartlett abartlet at samba.org
Wed Sep 25 12:55:00 GMT 2002 

Volker.Lendecke at SerNet.DE wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> > As you work into this area, you will see why we decided on the 'start
> > over'...
> 
> My concern is that we will not be able to finish that work in any
> reasonable time frame. I would like to see 3.0 released. I completely
> agree that a redesign is desirable, but I would like to have a
> decently working PDC with 3.0. Otherwise we might simply want to dump
> 'net rpc vampire' completely. I would then take it out again so that
> people don't even expect something like this to work.

Well, the vampire stuff has a place no matter if we support having BDCs
or not, or how hackish those BDCs are.

I agree, getting the new SAM stuff in for 3.0 will be a stretch.  But
equally, I don't see good options that get us the required support in
any other form.

That said, I certainly don't oppose incremental steps to improve passdb
to a point where we can get some of this stuff working.  I'm just
worried about effort going into it when I consider that it can't move
forward on the current basis.  And I'm also worried (but less so) that
we will have parallel development into 3.0, and have neither in a shape
worth shipping.

> Currently there is no consensus upon how to replicate group mapping
> information to a Samba BDC. We should drop that support as
> well. Simply remove the 'server role BDC'.

I don't think we need to go that far - and as a short-term solution a
separate mechanism for populating mapping via ldap/tdb is quite
appropriate.  However, once you try to get a consistent name and sid
space between the two, you actually get most of what the SAM effort is
trying.  Despite all the fuss, the changes there really are not that
big, just fundamental ;-)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list