[Samba] libpam-winbind mkhomedir

Andrew Walker walker.aj325 at gmail.com
Wed Jun 2 00:08:05 UTC 2021


On Tue, Jun 1, 2021 at 5:41 PM Andrew Walker <walker.aj325 at gmail.com> wrote:

>
>
> On Tue, Jun 1, 2021 at 4:41 PM Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
>> On 01/06/2021 21:31, Andrew Walker wrote:
>> > On Tue, Jun 1, 2021 at 3:53 AM Rowland penny via samba
>> > <samba at lists.samba.org> wrote:
>> >
>> >     This doesn't affect Linux unless your computers gain a uidNumber
>> >     and congratulations, you appear to have found
>> >     a bug.
>> >
>> >
>> > I believe RID backend, which is being used here, can provide idmapping
>> > for computer accounts, since it just algorithmically maps IDs to SIDs.
>> > This can be helpful in some situations IIRC where Windows may attempt
>> > to authenticate to the samba server using its machine account rather
>> > than the account of the currently logged in user. I believe some
>> > backup software does this.
>>
>>
>> I found this out, I had never thought to run 'getent passwd' with a
>> computer name, but when I tried it using the 'rid' backend, it worked.
>> In my opinion it shouldn't, but if it has to, it shouldn't show the
>> computer's primary group as Domain Users.
>>
>> Rowland
>>
>
> I'll have to think about this some, but I think I agree on this point.
> Perhaps for idmap backends supporting ID_TYPE_BOTH, we could just set
> primary gid to uid.
>
No. That's wrong. We probably need to have a primary group of "Domain
Computers" to be correct.

