[Samba] Identically named users and groups
gasch at eva.mpg.de
Wed Aug 9 07:05:26 GMT 2006
hi again :)
> It's a variant of the same problem but has been
> exacerbated by the change from string comparisons
> to token based access checks for smb.conf parameters.
stupid question: so why did you change to token based access check at
all? what were/are samba-internal reasons to do this?
> First there are two new domains in 3.0.23: "Unix User"
> (S-1-22-1) and "Unix Group" (S-1-22-2).
> There's am implied order of precedence being applied
> for unqualified names in smb.conf.
> * lookup the name as a user in passdb
> * lookup the name as a group in passdb
> * lookup the name as a user in "Unix User"
> * lookup the name as a group in "Unix Group"
> First match wins.
ok, but does this also apply on a member server running winbindd,
because you say "passdb" and i always thought a domain member running
winbindd has no own passdb
or is passdb here just a "global word" for user backends no matter if on
a DC or a member?
consider this case:
valid users = DOMAIN\test DOMAIN\test
DOMAIN\test is a user and a group (don´t ask why ;) )
members of the group DOMAIN\test would never be able to logon to this
thx for clarifying things, again!
> cheers, jerry
> Samba ------- http://www.samba.org
> Centeris ----------- http://www.centeris.com
> "What man is a man who does not make the world better?" --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.4 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
Phone: 49 (0)341 - 3550 137
49 (0)341 - 3550 374
Fax: 49 (0)341 - 3550 399
More information about the samba