Web lists-archives.com

Re: [Samba] Avoiding uid conflicts between rfc2307 user/groups and computers




On Fri, 12 Jan 2018 18:14:05 +0100
Björn JACKE via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On 2018-01-12 at 16:56 +0000 Rowland Penny sent off:
> > Surely the authentication of choice would be kerberos and this
> > wouldn't require a posix account.
> 
> Rowland, you sound very confident, but still that doesn't make it
> right. The posix account needs to exist for smbd to be able to switch
> to the context of the connecting (computer) user. This is not a
> matter of the authentication mechanism.
> 
> Björn

As far as I am aware, the client connects to a DC to authenticate a
user and before the user is authenticated, the client is checked to see
if it is a domain member. The method of choice for the computer
authentication is kerberos, this does not require posix attributes.

I am not disputing what you say, I am just asking for concrete proof
that a computer account MUST have a uidNumber account.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba