[Samba] Re: winbind: authenticating UNIX user before Win Domain
user
Luke Mewburn
luke at mewburn.net
Fri Nov 19 13:16:56 GMT 2004
On Thu, Nov 18, 2004 at 10:49:39AM -0800, Matt Seitz wrote:
| Luke Mewburn wrote:
| > I have the same requirement; except samba can't currently do this. See:
| > http://lists.samba.org/archive/samba/2004-October/094981.html
| >
| >I implemented a "trim default domain" option and provided a patch in:
| > http://www.dragoninc.on.ca/mail-archives/samba-technical/2004-10/0342.html
|
| What about the following scenario?
|
| 1. User1 is not in NIS.
| 2. DOMAIN\User1 logs into Samba
| 3. Winbind creates UID for User1
| 4. NIS administrator then adds User1 to NIS
|
| It appears you could end up with conflicting UIDs for User1, unless Winbind
| automatically added the user to NIS at the same time.
For my usage model, the conflicting UIDs are acceptable,
and this possibility is/will be documented as such.
If your UNIX & ADS admins are communicating, it is be a simple
matter of creating the NIS account and using find && chown to
change the perms from the original Winbind-allocated-UID to the
new UID.
If your UNIX & ADS admins aren't communicating in that scenario,
you're in more trouble than I care to think about. Seriously.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20041120/27904fb5/attachment.bin
More information about the samba
mailing list