support for privileges in Samba 3.0

Andrew Bartlett abartlet at samba.org
Thu Jan 13 01:57:58 GMT 2005 

On Thu, 2005-01-13 at 01:07 +0100, Guenther Deschner wrote:
> Hi Jerry,
> 
> On Wed, Jan 12, 2005 at 04:46:19PM -0600, Gerald (Jerry) Carter wrote:
> > I have gone back and reworked the privileges code (twice)
> > for inclusion in 3.0.11. 
> 
> Very good news!

Indeed!  I'll be glad to change that root password, and not have to give
it out to all the underlings :-)

> [...]
> 
> > I'm planning on implementing enough of the SAM
> > replication protocol to get Samba -> Samba replication
> > working for account policies and privileges.
> 
> Very interesting. This means there is no sense in putting more effort into
> migrating account policies into passdb? I'm asking because I was just
> about updating the somewhat older patch available at
> https://bugzilla.samba.org/show_bug.cgi?id=1913 in preparation for commit.

Personally, I would like to see that at least make it into trunk.

I still feel that LDAP provides a better (and two-way, with the rebind
to the master) replication system, and I'm a little surprised to see
things heading in this direction.  

While I agree that the passdb interface is a heavyweight bastard, I'm
keeping one eye on things like the patches out of Novell for eDirectory
support, which are now at the stage of being a slightly-modified
pdb_ldap.  

But even without considering the eDirectory side, I wonder how many
sites are actually correctly setup for SamSync style replication
(correct communication paths for CIFS between PDC and BDC, notifications
etc), compared to 'tacking on' to the working LDAP arrangement?

While I can only speak as an administrator of an LDAP/Samba based site,
and not as a developer (now that I'm off in Samba4 land most of the
time), I have enjoyed the ability to manually inspect the LDAP
directory, and it seems a pity to move more towards data in tdbs only,
with a different synchronisation system.

Anyway, I'll go back to implementing 'net vampire' for Samba4 :-)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050113/7bc31f5a/attachment.bin

More information about the samba-technical mailing list