--wuth-tdbsam ?

Simo Sorce simo.sorce at xsec.it
Fri Sep 27 08:22:00 GMT 2002

On Fri, 2002-09-27 at 03:53, Andrew Bartlett wrote:
> I honestly doubt tdbsam is sufficiently stable for use as a default.  I
> think we need that kind of backend, but given it's extremly limited
> testing, it worries me.  Yes, this is circular dependency.  

I haven't had an extensive test setup yet, but it is now more than an
year that I personally use only tdbsam and have no problems since
months! Tdbsam is not that difficult piece of code, and most later
problems have come out becouse of changes on other parts of samba (like
SAM_ACCOUNT->private + const mess), and they are all fixed.

> The way the ldap stuff got around it was that we had a 'pull' from
> users, but users by and large don't appriciate the benifits of tdbsam,
> so don't go out of their way to use it.

I know of users using tdbsam, simply because they _do not_ want to use
ldap, but need the extended functionality of tdbsam, like setting per
user home directories, profile paths, expiration times, etc ...

> Except we have a flag for 'password does not expire' - and we don't have
> a sensible way to set a negating flag 'password does expire'.  Forcing
> that flag 'on' might be the most sensible choice, except then we get a
> mismatch between smbpasswd and the other backends (again...).

This is a non problem, we only need to set all the defaults to behave
like smbpasswd would do. So no expiration at all, the administrator will
after that chose if he wants to set such policies.


Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20020927/b0131e05/attachment.bin

More information about the samba-technical mailing list