Valid users & SAMBA_3_0_23
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Aug 4 17:02:24 GMT 2006
On Fri, Aug 04, 2006 at 08:36:01AM -0700, Jeremy Allison wrote:
> > Since I am of the position that all domain accounts in
> > smb.conf should be fully qualified, I'd expect 'force user =
> > lizard' to resolve the to the Unix SID and not domain SID.
This depends upon whether "lizard" is in smbpasswd or not.
If it's in smbpasswd, pdb_getsampwnam will pick it up and we
get the local SAM sid, if it's not, then we get
s-1-22-1-<uid>.
> Yep - just looked at the code in lookup_name(). That's
> what is going this. There's a comment in there for a
> similar common case :
>
> * For 'valid users = +users' we know "users" is most probably not
> * BUILTIN\users but the unix group users. This hack requires the
> * admin to explicitly qualify BUILTIN if BUILTIN\users is meant.
> *
>
> I'm loath to change lookup_name, Volker spent a *lot* of time
> getting that right :-). Let me look at the codepaths....
>
> Using a domain of "Unix users" will force the correct lookup....
Yep.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20060804/8b53f7e4/attachment.bin
More information about the samba-technical
mailing list