[Samba] Identically named users and groups
Gerald (Jerry) Carter
jerry at samba.org
Wed Aug 9 11:52:20 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Michael Gasch wrote:
> hi again :)
>> It's a variant of the same problem but has been
>> exacerbated by the change from string comparisons
>> to token based access checks for smb.conf parameters.
> stupid question: so why did you change to token based
> access check at all? what were/are samba-internal reasons
> to do this?
Consistency. We have to use the token for so many
other access checks, it made little sense to have to
convert back and forth between uids/gids, strings, and
SIDs for handling smb.conf.
>> There's am implied order of precedence being applied
>> for unqualified names in smb.conf.
>> * lookup the name as a user in passdb
>> * lookup the name as a group in passdb
>> * lookup the name as a user in "Unix User"
>> * lookup the name as a group in "Unix Group"
>> First match wins.
> ok, but does this also apply on a member server
> running winbindd, because you say "passdb" and i always
> thought a domain member running winbindd has no own passdb
> or is passdb here just a "global word" for user
> backends no matter if on a DC or a member?
Domain members can have a local SAM. It's always been
like this. Think about loggnig onto a Windows client.
The CTRL+ALT+DEL screen presents you with at least two
domains. The Windows domain and the machine domain.
> consider this case:
> valid users = DOMAIN\test DOMAIN\test
> DOMAIN\test is a user and a group (don´t ask why ;) )
Won't work. Windows does not allow this. We've
been recommending against this for a while. Certainly
wouldn't work from the Windows object picker UI.
> members of the group DOMAIN\test woul never be able
> to logon to this share, right?
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba