Upgrade issue with 3.0.21b->3.0.22

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Feb 8 17:52:45 GMT 2006


On Wed, Feb 08, 2006 at 10:31:10AM -0600, Gerald (Jerry) Carter wrote:
> > Whatever we do, we will need to plaster an upgrade HOWTO
> > in some very visible places (not just the release notes).
> > Other than the primary group SID and object ACLs on
> > client NTFS partitions, what are the other problematic cases?

It's not only the primary group, it's all groups that a user
is a member of.

> > Can we simply ignore the primaryGroupSID from the passdb objects
> > and force the Domain Users SID (requiring that the admin
> > has set up a mapping for this one group)?  This would be in the
> > NT_USER_TOKEN only and not affect the Unix token.

In the end, I'd like to be able to ignore the
primaryGroupSid attribute. We can not default to domain
users I think, users don't have to be in that group at all.

And I don't like the idea that we have a special case for
the domain users SID. Even if it works now, sooner or later
someone is breaking it by adding the unix group that domain
users was mapped to.

> OK.  Let's assume that we get everything worked on a DC
> and standalone installation.  A Samba member server in a domain
> can either (a) run winbindd, or (b) share Unix users and groups
> with the DC via NSS.  The current 'winbind trusted domains only'
> is a hack and only really works with users and not groups.
> 
> Therefore I would really like to finish the \unixinfo pipe
> you started since IMO it is a piece of the complete deployment
> solution.  Any objections there?

No, not at all. I'd be happy to see that proceed. I'm not
sure that I'm happy with the current IDL though. For speed
reasons, all calls should take arrays of the respective
objects. Otherwise a 'getent passwd' will be a complete
nightmare speedwise.

Volker