refactoring idmap code in smbd
Gerald (Jerry) Carter
jerry at samba.org
Wed Jul 9 16:45:25 GMT 2003
On Sun, 6 Jul 2003, Gerald (Jerry) Carter wrote:
> In exchange for removing all idmap calls from smbd, the forthcoming code
> will
>
> a) go through winbindd for all uid/gid allocation
done.
> b) complete the winbindd_passdb code to support
> users not in /etc/passwd (for machine trust accounts and
> for domain migration)
Tossed winbindd_passdb.c. Didn't need it to support either
requirement (machine trust accounts or domain migration).
> c) group mapping will be supported both with and without winbindd
always handled by local_xxx() family of functions in smbd/uid.c
> d) algorithmic rid mapping will still exist in its current
> (as a fallback mechanism controlled by a parameter) and marked
> as deprecated
done.
> e) require the use of NSS with winbindd (this was a requirement
> in the later 2.2 releases so we're not breaking backwards
> compatibility)
done.
The new code has been checked in. Please see
docs/README.idmap-and-winbind-changes in CVS for details.
I'm sure there will be a lot of discussion on this.
I'll give everyone time to digest the new design.
The code has been checked on
* domain members (running winbindd) of a Samba domain
and an AD domain
* on a Samba PDC running winbindd with a 2-way trust
to an NT4 domain. Includes domain joins and automatic
creation of UNIX entities for machine trust accounts.
* migrating an NT4 domain to a Samba PDC
* standalone server
There are a couple of known issues:
1) The user/group enumeration (getpwent()) for
winbindd's account management functions is not done.
2) The "delete user" and "delete group" functions are
only stub functions currently
3) when 'winbind trusted domains only = yes' is set, acls
show the user as LOCAL_MACHINE\user instead of DOMAIN\user
on the samba domain member.
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)