storing our machine account name in secrets.tdb

simo idra at samba.org
Tue Mar 13 19:42:11 GMT 2007


On Tue, 2007-03-13 at 20:42 +0100, Volker Lendecke wrote:
> On Tue, Mar 13, 2007 at 03:32:56PM -0400, simo wrote:
> > Sorry, I was unclear.
> > By client/desktop I meant a system where only winbindd is running, no
> > smbd.
> > By domain member I meant a file server with both smbd and winbindd
> > running.
> > 
> > The second case requires to make sure smbd and winbindd do not get "out
> > of sync" wrt the name they use.
> 
> smbd mainly has to use this for authentication. From a
> client's perspective (i.e. nmbd) I would just normally
> continue to use global_myname() whatever that is. If it
> comes to authenticate a client's user/password and we need
> to establish a credential chain, then and only then we use
> the name stored in secrets.tdb.

Fine by me. And to reply to jerry's concern as well, I think this will
_add_ robustness not weaken it. As now we have a reliable place where
admins can't mess by mistake to know exactly what name we used to join
to the domain.

Volker, if you have not done so yet, I would add both the NetBIOS and the
FQDN names here. This will make it possible for an admin to change the
hostname (or netbios name in smb.conf) and run a command that will be
able to correctly clean up the domain credentials and create the new
ones with a lot less errors.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
