Handles in the new SAM
Andrew Bartlett
abartlet at samba.org
Wed Oct 2 06:57:00 GMT 2002
jra at dp.samba.org wrote:
>
> On Wed, Oct 02, 2002 at 12:14:37PM +1000, Andrew Bartlett wrote:
> >
> > One of the primary tenants of the 'new SAM' is that it would not attempt
> > to deal with 'what unix id for that'. This would be left to the 'SMS'
> > (Sid Mapping System') or SID farm, and probably administered via
> > winbind. We have had constructive discussion on how 'basic' unix
> > accounts like 'root' would be handled, and we think this can work.
> > Accounts not preexisting in unix would be served up via winbind.
> >
> > This is an *optional* part, and my preferred end-game. We have a fare
> > way to go before things like winbind up to it however.
>
> Yeah, winbindd doesn't work on all systems and needs a *lot* of
> work before we could depend on this.
vorlan made some comments on #samba-technical that made me think:
When the backend is LDAP (and that's what it will be for the really big
sites) we can use nss_ldap to our advantage here. No point reinventing
the wheel - just make sure we store data back into the standard LDAP
format (which we would anyway). And we still have our 'one source of
information', this time the LDAP directory. I would still propose using
winbind for other backends, but this gets around the nasty case
scaleability issue, anyway.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list