On Sun, 2003-03-23 at 08:01, [EMAIL PROTECTED] wrote: > On Sat, Mar 22, 2003 at 09:51:51PM +0100, Volker Lendecke wrote: > > Hmm. Just checked. This is definitely a change in behaviour. If you > > do not want the full winbind functionality, a simple 'add user script' > > is quite handy. Is there a reason why this does not work anymore as in > > 2.2? 2.2 added a user if the PDC gave its ok. > > > > If you ask me, I'd like the old behaviour back :-) > > Yes, the old behaviour needs to be restored, it is correct. > The reason is that not all Samba appliances are Linux based, > or even use PAM, so smbd needs to be able to call an add user > script if such is configured no matter what the security mode > is set to. > > The 'appliance' mode was the reason the 'add user script' was > added in the first place, that's how it is supposed to work. > > Whoever changed it please revert the change.
It was not a deliberate change, but the whole 'add user script' thing is a very big mess. For one, simply using the same parameter for PDC user creation and this 'appliance mode' HACK. Seconly, it's one of the last pieces of code that *relies* on the value of 'security =' (rather than auth methods). Basically, this is not one of the things I regularly test, and it looks like the auth subsystem has evolved to such a state that implementing this is actually quite difficult. Certainly it won't work where it is placed now, but the code itself it intact. (So don't bother with CVS blame). The problem is that we now require that sys_getgrouplist() functions for all logins, because this is where we get our first and final group list for the user - before we exit the auth subsystem. Putting this back in will require hacks right in the heart of whatever modules you want it to work for. And BTW, it was decided a *long* time ago that also executing it (ie, the same script and parameter) for 'no homedir' was just plain silly. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
