[Samba] Win2k joining a Samba domain

Jim C. jcllings at javahop.com
Wed Mar 10 16:17:13 GMT 2004

Hash: SHA1

| Indeed, it is not a very secure system that requires that the root
| password be so widely distributed... :-)

Well 2 root accounts = 2 passwords. Right?

The real problem, as I see it, may not exist in Samba.  It may live in
nss_ldap or in pam_ldap or both.  For example, I shouldn't have to see
the computer accounts on my Linux server but according to the docs the
computers ou is for *storing* computer accounts.  However,
experimentation shows that they are *sought* where nss_base_passwd says
user accounts are in /etc/ldap.conf.  What is needed for something like
this, IMHO, is a provision both in samba and/or in nss_ldap for this
entry in /etc/ldap.conf:

nss_base_passwd_smb3 ou=Computers,dc=mynet,dc=net?one	

In theory, nss_ldap/pam_ldap could be written so that posix accounts
mapped to the well known domain entities *just worked*.  Either by
re-mapping them to appropriate uinx accounts or whatnot.

The other thing is that since we have an LDAP idmap anyway, why not make
it point both ways, i.e. maps could be from unix entities to samba
entites and from samba entities to unix entities?

Jim C.

- --

- -----------------------------------------------------------------
| I can be reached on the following messenger services:		|
| MSN: j_c_llings at hotmail.com  AIM: WyteLi0n  ICQ: 123291844 	|
| Y!: j_c_llings               Jabber: jcllings at njs.netlab.cz	|
- -----------------------------------------------------------------
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list