[Samba] Avoiding uid conflicts between rfc2307 user/groups and computers
Rowland Penny
rpenny at samba.org
Fri Jan 12 17:27:47 UTC 2018
On Fri, 12 Jan 2018 18:14:05 +0100
Björn JACKE via samba <samba at lists.samba.org> wrote:
> On 2018-01-12 at 16:56 +0000 Rowland Penny sent off:
> > Surely the authentication of choice would be kerberos and this
> > wouldn't require a posix account.
>
> Rowland, you sound very confident, but still that doesn't make it
> right. The posix account needs to exist for smbd to be able to switch
> to the context of the connecting (computer) user. This is not a
> matter of the authentication mechanism.
>
> Björn
As far as I am aware, the client connects to a DC to authenticate a
user and before the user is authenticated, the client is checked to see
if it is a domain member. The method of choice for the computer
authentication is kerberos, this does not require posix attributes.
I am not disputing what you say, I am just asking for concrete proof
that a computer account MUST have a uidNumber account.
Rowland
More information about the samba
mailing list