refactoring idmap code in smbd

Simo Sorce simo.sorce at xsec.it
Wed Jul 9 17:52:47 GMT 2003


On Wed, 2003-07-09 at 19:38, Jeremy Allison wrote:
> On Wed, Jul 09, 2003 at 07:34:14PM +0200, Simo Sorce wrote:
> > 
> > who said it will need logon hours?
> > It was meant to unify completely user management and avoid information
> > duplication.
> 
> smbd manages SAM accounts. winbindd manages remote mapping onto
> POSIX accounts (and now can be a local store of POSIX accounts).
> "Never the twain shall meet". There is no duplication as they
> don't store anything in common.

Wel lthe idea was to allow a pdc to make it's account available to the
underling system through winbind.

So that you have a single source of accounts, your SAM both for samba
AND the system.

That have teh very positive effect that you do not have 2 different
nsswitch databases but a single one: winbind that serves all the
accounts, remote and local, able to correctly init groups that contain
users from different sources, make group unrollings to support the group
in group feature of the windows domain semnthics and so on.

Simo.

-- 
Simo Sorce - simo.sorce at xsec.it
Xsec s.r.l. - http://www.xsec.it
via Durando 10 Ed. G - 20158 - Milano
mobile: +39 329 328 7702
tel. +39 02 2399 7130 - fax: +39 02 700 442 399
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030709/c811d81e/attachment.bin


More information about the samba-technical mailing list