refactoring idmap code in smbd

Andrew Bartlett abartlet at
Thu Jul 10 07:59:59 GMT 2003

On Thu, Jul 10, 2003 at 06:16:23AM +0000, Jeremy Allison wrote:
> On Thu, Jul 10, 2003 at 01:31:22AM +0000, Andrew Bartlett wrote:
> > 
> > If it was just unix uid and groups then I would be quite happy with it - but
> > now we have duplication of information - both the SAM and winbind have 
> > independent ideas of what a user's unix username is, and what their full name
> > is.  When a user is added or deleted from the SAM, winbind might not be told 
> > (pdbedit with winbind shut down, for example), and there appears to be no
> > way to keep the other details (full name etc) in sync.
> Rephrase this as "both the SAM and /etc/passwd have
> independent ideas of what a user's unix username
> is, and what their full name is" and
> you'll see why this argument is specious...

So when we update a user's full name with user manager, we are happy to 
just leave the nsswitch data stale?  All other winbind users get updated - why
should users on a Samba PDC be made different?

Likewise, we have the very real issue of account renaming - this happens 
particularly when we have a member server that changes its name.  Currently
we are unable to support this - and this design makes it harder - not easier.

(Users in trusted domains are easily renamed - as we only store the SID->UID

> We've worked like this for 9 years. It's how
> Samba works...

Except the samba we have now is not the Samba we started with - and I think 
that is a very good thing.  We also now have a very clear idmap (at least it was
clear), which is SID based.  By putting usernames back into the mix, we have
the very real risk of inconsistent mappings - as some go by sid (NT ACLs)
and some go by name (logins) but we never double check them both.

Particularly due to case sensitivity and domain qualification issues, username 
based mappings have been phased out of Samba 3.0.  (Until now at least...)

Andrew Bartlett

More information about the samba-technical mailing list