NUA for machine accounts
abartlet at samba.org
Thu May 6 12:15:15 GMT 2004
On Thu, 2004-05-06 at 21:34, Tom Alsberg wrote:
> If I understand correctly, NUA (No Unix Account) is gone from Samba
> 3.0 already. (Any plans for it? Idea for replacement?)
It was a bad idea - even machines 'log in' to the server, and need real
> However I don't want each workstation to have a Unix account (or a
> UID, for that matter). Mapping them to user nobody in the simplest
> way breaks because then they all have the same SID as well.
Why not? I really think that the 'cost' of a line in /etc/passwd (given
we are going to need the UID soon anyway) is not much.
Machines can log in, own files, and generally do everything a user can
do. In the NTLM world, the 'log in' bit is weird, but Kerberos (and
some possible changes I want to make to Samba) make it a real thing.
> I want to do something, that will give all workstations the UID of
> nobody, (and no local Unix record) but give each a unique SID.
> Currently my idea is to look at the add account routines (in tdbsam)
> and modify them to look for a new available SID, and give that to the
> account. That means some modifications in tdbsam, though, so I'm
> trying to avoid it.
> How can I do it as cleanly as possible in my external passdb module?
> The principal question is - since the add_sam_account gets an already
> filled structure, it will probably break if I change the SID there
> (something previous would have already assumed a different SID), so
> where should the change be?
Really, just don't play with this.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net