[EMAIL PROTECTED] wrote: > > On Wed, Oct 02, 2002 at 12:14:37PM +1000, Andrew Bartlett wrote: > > > > One of the primary tenants of the 'new SAM' is that it would not attempt > > to deal with 'what unix id for that'. This would be left to the 'SMS' > > (Sid Mapping System') or SID farm, and probably administered via > > winbind. We have had constructive discussion on how 'basic' unix > > accounts like 'root' would be handled, and we think this can work. > > Accounts not preexisting in unix would be served up via winbind. > > > > This is an *optional* part, and my preferred end-game. We have a fare > > way to go before things like winbind up to it however. > > Yeah, winbindd doesn't work on all systems and needs a *lot* of > work before we could depend on this.
vorlan made some comments on #samba-technical that made me think: When the backend is LDAP (and that's what it will be for the really big sites) we can use nss_ldap to our advantage here. No point reinventing the wheel - just make sure we store data back into the standard LDAP format (which we would anyway). And we still have our 'one source of information', this time the LDAP directory. I would still propose using winbind for other backends, but this gets around the nasty case scaleability issue, anyway. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
