[Samba] Re: winbind: authenticating UNIX user before Win Domain user

Luke Mewburn luke at mewburn.net
Fri Nov 19 13:16:56 GMT 2004


On Thu, Nov 18, 2004 at 10:49:39AM -0800, Matt Seitz wrote:
  | Luke Mewburn wrote:
  |  > I have the same requirement; except samba can't currently do this.  See:
  | >  http://lists.samba.org/archive/samba/2004-October/094981.html
  | >
  | >I implemented a "trim default domain" option and provided a patch in:
  | >  http://www.dragoninc.on.ca/mail-archives/samba-technical/2004-10/0342.html
  | 
  | What about the following scenario?
  | 
  | 1.  User1 is not in NIS.
  | 2.  DOMAIN\User1 logs into Samba
  | 3.  Winbind creates UID for User1
  | 4.  NIS administrator then adds User1 to NIS
  | 
  | It appears you could end up with conflicting UIDs for User1, unless Winbind 
  | automatically added the user to NIS at the same time.

For my usage model, the conflicting UIDs are acceptable,
and this possibility is/will be documented as such.

If your UNIX & ADS admins are communicating, it is be a simple
matter of creating the NIS account and using find && chown to
change the perms from the original Winbind-allocated-UID to the
new UID.

If your UNIX & ADS admins aren't communicating in that scenario,
you're in more trouble than I care to think about.  Seriously.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 186 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20041120/27904fb5/attachment.bin


More information about the samba mailing list