Marco Gaiarin
2018-Jan-12 16:15 UTC
[Samba] Avoiding uid conflicts between rfc2307 user/groups and computers
Mandi! Björn JACKE via samba In chel di` si favelave...> machine account instead of the connecting user account. One option is to assign > rfc2307 attributes also for all the machine accounts, too. The other option isSome drawbacks on that? Clearly, apart the management cost of assigning an UID to machine accounts? Clearly, also 'Domain Computers' group have to get assigned an GID, right? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Rowland Penny
2018-Jan-12 16:24 UTC
[Samba] Avoiding uid conflicts between rfc2307 user/groups and computers
On Fri, 12 Jan 2018 17:15:44 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Björn JACKE via samba > In chel di` si favelave... > > > machine account instead of the connecting user account. One option > > is to assign rfc2307 attributes also for all the machine accounts, > > too. The other option is > > Some drawbacks on that? Clearly, apart the management cost of > assigning an UID to machine accounts?Not really a problem, a computer account is just a user account with another objectclass.> > Clearly, also 'Domain Computers' group have to get assigned an GID, > right?Yes. The question is, do you need to do this ? Will a computer own anything on a Unix machine ? Rowland
Björn JACKE
2018-Jan-12 16:42 UTC
[Samba] Avoiding uid conflicts between rfc2307 user/groups and computers
On 2018-01-12 at 16:24 +0000 Rowland Penny via samba sent off:> > Clearly, also 'Domain Computers' group have to get assigned an GID, > > right? > > Yes. > > The question is, do you need to do this ? Will a computer own anything > on a Unix machine ?it's not the question if he owns anything. It's enough that the machine uses the machine account during the tree connect to make it fail without a corresponding posix account. Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de