NUA for machine accounts

Andrew Bartlett abartlet at
Thu May 6 12:15:15 GMT 2004

On Thu, 2004-05-06 at 21:34, Tom Alsberg wrote:
> If I understand correctly, NUA (No Unix Account) is gone from Samba
> 3.0 already.  (Any plans for it?  Idea for replacement?)

It was a bad idea - even machines 'log in' to the server, and need real
POSIX identities.

> However I don't want each workstation to have a Unix account (or a
> UID, for that matter).  Mapping them to user nobody in the simplest
> way breaks because then they all have the same SID as well.

Why not?  I really think that the 'cost' of a line in /etc/passwd (given
we are going to need the UID soon anyway) is not much.

Machines can log in, own files, and generally do everything a user can
do.  In the NTLM world, the 'log in' bit is weird, but Kerberos (and
some possible changes I want to make to Samba) make it a real thing.

> I want to do something, that will give all workstations the UID of
> nobody, (and no local Unix record) but give each a unique SID.
> Currently my idea is to look at the add account routines (in tdbsam)
> and modify them to look for a new available SID, and give that to the
> account.  That means some modifications in tdbsam, though, so I'm
> trying to avoid it.
> How can I do it as cleanly as possible in my external passdb module?
> The principal question is - since the add_sam_account gets an already
> filled structure, it will probably break if I change the SID there
> (something previous would have already assumed a different SID), so
> where should the change be?

Really, just don't play with this.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at