Long machine names...
Tim Winders
twinders at SPC.cc.tx.us
Thu May 21 19:50:01 GMT 1998
On Thu, 21 May 1998, Jeremy Allison wrote:
> > When does the need for a real unix account come into play? When creating
> > the initial trust account? For future DC stuff?
>
> You are correct in that at present none of the Samba
> code actually uses the fact that the machine account
> has an actual existance in the UNIX password file (that's
> why it's working for you right now). Currently, the
> requirement that the machine account have an existance
> in the UNIX password database is to stop duplicate
> uids being used by accident.
OK. So, I will have to redo these accounts when this $ problem gets
figured out. No problem.
> When NT clients connect to do
> DCE/RPC, they do so down
> an annonymous connection (which is mapped in Samba
> to the guest user), they then authenticate themselves
> by passing a machine name in the authentication
> setup RPC. Currently there is no known RPC that causes
> filesystem interaction down this pipe - but if there
> is, or there was an RPC that required a level of permission
> control on the UNIX system, then there needs to be a
> UNIX uid we can use to determine access permissions.
>
> Simply using the guest user might not do if it were
> a machine specific restriction (for example).
OK, I think I am finally on track. Thanks for the explaination!
=== Tim
---------------------------------------------------------------------
| Tim Winders, CNE, MCSE | Email: TWinders at SPC.cc.tx.us |
| Network Administrator | Phone: 806-894-9611 x 2369 |
| South Plains College | Fax: 806-897-4711 |
---------------------------------------------------------------------
More information about the samba-technical
mailing list