patch to allow winbind to provide fallback for nsswitch lookups

Eric Horst erich at cac.washington.edu
Fri Oct 29 22:59:24 GMT 2004


> I.e, UIDs are obtained from /etc/passwd or NIS passwd if the user is
> present in those, otherwise winbind will provide a faked up UID
> (well, faked up 'struct passwd'...)
>
> What do people think?
> Surely I can't be the only person who needs this?

I think I need this. We use Unix /etc/passwd (hashed into db files) for 
our UIDs. Our /etc/passwd file (and /etc/group) is kept in sync across a 
dozen Samba servers (and 400 other servers) so we've never had to use winbind 
to dynamically assign UIDs or an LDAP setup to keep the UIDs synchronized 
across the Samba servers.

Now that I've been under pressure to integrate with ADS Kerberos I find 
that using /etc/passwd comes up short where computers (like 
computer$@ADSDOMAIN) try to auth to Samba. While each user has a 
corresponding /etc/passwd entry, each computer does not. I think your 
patch helps because I can continue to use my Unix passwd file for users, 
yet have winbindd dynamically assign UIDs for computers connecting.

--Eric


>    smb.conf:
> 	security = ADS
> 	realm = FOO.BAR
> 	workgroup = FOO
> 	trim default domain = yes
> 	winbind use default domain = yes
> 	idmap uid = 50000-59999
>    NIS passwd:
> 	user1:*:10001:20000:&:/home/user1:/bin/sh
>    ADS users
> 	FOO\user1
> 	FOO\adsuser1
>
> We get the following behaviour:
> 	% kinit user1@FOO.BAR
> 	% smbclient -k //samba/someshare
> 		connects as uid=10001
>
> 	% kinit adsuser1@FOO.BAR
> 	% smbclient -k //samba/someshare
> 		connects as uid=50000 (or some other UID in 50000..59999)
>
> I.e, UIDs are obtained from /etc/passwd or NIS passwd if the user is
> present in those, otherwise winbind will provide a faked up UID
> (well, faked up 'struct passwd'...)
>
> What do people think?
> Surely I can't be the only person who needs this?
>
> Cheers,
> Luke.
>
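
The lookup order described in the quoted message, modelled as an added example that is not part of the thread or of the patch: names are resolved from passwd/NIS first and only otherwise get a UID from the `idmap uid` range. The class and function names are hypothetical, the sample data is constructed from the values quoted above, and the sequential allocation and the check that no passwd UID falls inside the idmap range are assumptions of this sketch.

```python
# Constructed sample mirroring the thread: one NIS/files entry and
# "idmap uid = 50000-59999" from the quoted smb.conf.
PASSWD_LINES = ["user1:*:10001:20000:&:/home/user1:/bin/sh"]
IDMAP_RANGE = (50000, 59999)


def parse_passwd(lines):
    """Return {name: uid} from passwd(5)-format lines, skipping blanks and comments."""
    table = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        table[fields[0]] = int(fields[2])
    return table


class FallbackResolver:
    """Hypothetical model: passwd/NIS first, otherwise a UID from the idmap range."""

    def __init__(self, passwd, idmap_range):
        self.passwd = passwd
        self.low, self.high = idmap_range
        # Assumption of this sketch: a static UID inside the dynamic range would
        # let two identities share one UID, so refuse to start in that case.
        clash = sorted(n for n, u in passwd.items() if self.low <= u <= self.high)
        if clash:
            raise ValueError(f"passwd UIDs inside idmap range: {clash}")
        self.allocated = {}
        self.next_uid = self.low

    def resolve(self, name):
        """Return (uid, source) for a name with the default domain already stripped."""
        if name in self.passwd:
            return self.passwd[name], "passwd"
        if name not in self.allocated:
            if self.next_uid > self.high:
                raise RuntimeError("idmap uid range exhausted")
            # Sequential allocation is an assumption; the mapping is kept stable.
            self.allocated[name] = self.next_uid
            self.next_uid += 1
        return self.allocated[name], "winbind"
```
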

