New Unix user and group domain
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sat Feb 25 17:34:22 GMT 2006
On Sat, Feb 25, 2006 at 10:30:14AM -0600, Gerald (Jerry) Carter wrote:
> The line "on't have to present to anyone" has me
> confused. I'm pretty sure we are saying the same thing.
> But we do have to present "Unix group\foo" in ACL
> dialogs. And we return the S-1-2-22-${gid} in the
> other_sids portion of the samlogon() reply.
Do we? Let me look... No, we don't. We could, but so far we
don't. Look at parse_net.c:1435... :-)
> Sounds right. So we upgrade the >= 3.0.21 domain and
> then require explicit mappings.
Yes. Sounds right.
> Just to clarify, is this new net subcommand restricted to
> Samba DCs? I ask only because you used the term domain
> groups. Or do you simply mean groups within our SAM domain?
I mean Domain Groups in contrast to Local Groups, i.e. Aliases.
So yes, I mean SID_TYPE_DOM_GRP type objects, wherever they
might be.
> I really would like to avoid automatic persistent mappings.
> I would prefer to get some mileage on the new design before
> trying to automate it too much. If we decide that automapping
> of groups is necessary, we can attack that problem separately.
> My vote is to, at least at first, err on the side of simplicity.
Ok, fair enough.
Volker