CVS update: samba/source
Jeremy Allison
jallison at whistle.com
Thu Mar 26 18:02:51 GMT 1998
Jean-Francois Micouleau wrote:
>
> On Thu, 26 Mar 1998, Luke Kenneth Casson Leighton wrote:
>
> > workstation should be the default. server is reserved, i believe, for
> > Backup Domain Controllers. the majority of machines are going to be
> > ordinary workstations (ACB_WKSTRUST).
>
> Servers ? I think there are BDC, file servers, and trust relationships ?
>
Luke, you are correct. Sorry for that bug. I will remove
the code in the new smbpasswd that allows selection of
ACB_SVRTRUST and replace it with ACB_WSTRUST.
>
> I think it's time to split the smbpasswd file for users and machines and
> make two distinct files.
>
Well I had a long discussion with Andrew about this.
We came to the conclusion that we can't do this yet (even
though I originally wanted to).
The reason is that NT machines enumerating accounts
expect to see machine accounts as well as user accounts.
It would complicate things somewhat if we had a separate
machine account file - a lot of the security code would
get more complicated. I'd like to revisit doing this
a little later, but for now it's much more convenient
to leave the machine accounts in the smbpasswd file.
> (have to check the code) but if you create uid for machines, people will
> tend to be lost.
>
Right now my 'new machine' code starts counting down
from MAX(((unsigned)(sizeof(uid_t))/2 - 1) (to get around
signed/unsigned issues) and so shouldn't overlap with allocated
unix uids. Another big question - do we want to insist
that machine accounts have matching UNIX accounts (I'd
like to - as I trust the unix account database method
much more than the NT one) - what do people think ?
> > don't forget that we really actually need to add two more fields: a user
> > RID and a Primary Group RID, in _addition_ to the unix uid in the
> > smbpasswd file.
> >
Nope I disagree with this. We just need a mapping function
from unix uid to NT RID, and the primary group rid should
be handled by mapping the unix primary gid to an NT RID.
> > if these are not added, then by default there should exist a "unix
> > uid/gid" <-> "NT user RID / group RID" function, which we have already
> > agreed should be based on the NT Posix mapping system (NT User RID = unix
> > uid + 0x100000; NT Group RID = unix gid + 0x200000" i think).
>
We should use the softway OpenNT system. The only
problem is on unixes where sizeof(uid_t) == 2 - which
is lots of them I think. We really need a 32 bit RID
type.
> There is something else with groups while we are at it.
>
> In English version of NT: Domain admins group
> In French version: Administrateurs du domaine.
>
> We will need a new small text file a la username mapping, to map the
> domain group RID to the corresponding name
>
Why can't we use the unix /etc/group file for this (although
in practice I think you're probably right - we need one to
map stuff like 'Administrators' -> 'wheel' etc.)?
Jeremy.
--
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
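
The uid/gid to RID offset mapping discussed in this thread, written out as an added example (not code from the message or from Samba). The two offsets are the ones quoted above with "i think"; the function names are hypothetical. It shows the two limits the scheme implies: a uid of 0x100000 or more would land in the group RID range, and a RID does not survive storage in a 16-bit uid_t.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Offsets as quoted in the thread (given there with "i think"). */
#define USER_RID_BASE  0x100000u
#define GROUP_RID_BASE 0x200000u

typedef enum { RID_UNKNOWN, RID_USER, RID_GROUP } rid_kind;

/* uid -> RID. Refuses uids whose RID would fall in the group range,
 * since the reverse mapping could no longer tell the two apart. */
bool uid_to_rid(uint32_t uid, uint32_t *rid)
{
    if (uid >= GROUP_RID_BASE - USER_RID_BASE)
        return false;
    *rid = uid + USER_RID_BASE;
    return true;
}

/* gid -> RID. Refuses gids that would wrap a 32-bit RID. */
bool gid_to_rid(uint32_t gid, uint32_t *rid)
{
    if (gid > UINT32_MAX - GROUP_RID_BASE)
        return false;
    *rid = gid + GROUP_RID_BASE;
    return true;
}

/* RID -> unix id, reporting which id space it belongs to. */
rid_kind rid_to_unix_id(uint32_t rid, uint32_t *id)
{
    if (rid >= GROUP_RID_BASE) { *id = rid - GROUP_RID_BASE; return RID_GROUP; }
    if (rid >= USER_RID_BASE)  { *id = rid - USER_RID_BASE;  return RID_USER; }
    return RID_UNKNOWN; /* below both bases: not produced by this scheme */
}

/* True if the RID keeps its value when stored in a 2-byte uid_t. */
bool rid_fits_uid16(uint32_t rid) { return (uint16_t)rid == rid; }

int main(void)
{
    uint32_t rid = 0, id = 0;
    if (uid_to_rid(500, &rid)) /* 500 is a constructed sample uid */
        printf("uid 500 -> RID 0x%x, fits 16-bit: %d\n",
               (unsigned)rid, rid_fits_uid16(rid));
    printf("kind=%d id=%u\n", rid_to_unix_id(rid, &id), (unsigned)id);
    return 0;
}
```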