[Samba] Win2k joining a Samba domain
Jim C.
jcllings at javahop.com
Wed Mar 10 16:17:13 GMT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
| Indeed, it is not a very secure system that requires that the root
| password be so widely distributed... :-)
Well 2 root accounts = 2 passwords. Right?
The real problem, as I see it, may not exist in Samba. It may live in
nss_ldap or in pam_ldap or both. For example, I shouldn't have to see
the computer accounts on my Linux server but according to the docs the
computers ou is for *storing* computer accounts. However,
experimentation shows that they are *sought* where nss_base_passwd says
user accounts are in /etc/ldap.conf. What is needed for something like
this, IMHO, is a provision both in samba and/or in nss_ldap for this
entry in /etc/ldap.conf:
nss_base_passwd_smb3 ou=Computers,dc=mynet,dc=net?one
In theory, nss_ldap/pam_ldap could be written so that posix accounts
mapped to the well known domain entities *just worked*. Either by
re-mapping them to appropriate uinx accounts or whatnot.
The other thing is that since we have an LDAP idmap anyway, why not make
it point both ways, i.e. maps could be from unix entities to samba
entites and from samba entities to unix entities?
Jim C.
- --
- -----------------------------------------------------------------
| I can be reached on the following messenger services: |
|---------------------------------------------------------------|
| MSN: j_c_llings at hotmail.com AIM: WyteLi0n ICQ: 123291844 |
|---------------------------------------------------------------|
| Y!: j_c_llings Jabber: jcllings at njs.netlab.cz |
- -----------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFATz+J57L0B7uXm9oRAnWvAJ4tmktxNh2LOVfPNgsqk+cxJZxR7QCfR8Cy
GSW13oy2Ewm8d0S4sLjCOE8=
=MC0m
-----END PGP SIGNATURE-----
More information about the samba
mailing list