valid users again

Andrew Bartlett abartlet at samba.org
Sun Aug 6 22:19:02 GMT 2006


On Sun, 2006-08-06 at 12:12 -0700, Jeremy Allison wrote:
> On Sun, Aug 06, 2006 at 01:49:53PM -0500, Gerald (Jerry) Carter wrote:
> > 
> > Incorrect.  "valid users = %S" doesn't work on any domain
> > member with winbindd regardless of "winbind trusted domains
> > only".  If a local user exists that matches the domain username
> > you will have this problem.  Remember that we know consider
> > unqualified names in smb.conf as local names.  Domain users
> > are still domain users even if mapped to an existing Unix
> > account uid in this one case.
> 
> Ok, if there's already a case where "valid users = %S"
> doesn't do the obvious thing then I withdraw my objection
> to forcing an update to smb.conf. I was trying to follow
> the principle of least suprises, but if this is already
> broken then there's no benefit in adding an exception.

I always thought this was a weird option, prone to breakage.  Why not
add a 'private homedirs' option, which could even be on by default
(getting rid of the magic 'games' share people stumble over, that this
configuration is designed to control).

That option would not be prone to string configuration, but just to 'on
session setup, when we did a getpwnam() on this user, what home
directory did we get'.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060807/c8356fec/attachment.bin


More information about the samba-technical mailing list