sam gums idmap from discussion to reality
play

SAM, GUMS, IDMAP From discussion to reality by Andrew Bartlett - PowerPoint PPT Presentation

Sep 21, 2022 •266 likes •450 views

SAM, GUMS, IDMAP From discussion to reality by Andrew Bartlett & Simo Sorce User Management in samba 2.0 Smbpasswd is used mainly for password storage No other password database backend Smbpasswd stores the unix user name and uid

  1. SAM, GUMS, IDMAP From discussion to reality by Andrew Bartlett & Simo Sorce

  2. User Management in samba 2.0  Smbpasswd is used mainly for password storage  No other password database backend  Smbpasswd stores the unix user name and uid Passwords only SMBD Smbpasswd getpwnam() POSIX

  3. User Management in samba 2.2  Multiple password databases  Databases can store other Windows related user data  The backends store the unix user name and the uid  Domain users provided through winbindd Authentication, user info Passswords & Smbpasswd UID/GID<->SID for domain other user info Ldapsam Winbindd SMBD Tdbsam Nisplussam LDAP NIS+ getpwnam() POSIX Nsswitch /etc/passwd PDC

  4. User Management in samba 3.0alpha Winbindd_pdb ? Authentication, SIDs & MySQL other user info Passswords,user info MySQL Smbpasswd Passdb modules interface Winbindd Ldapsam SMBD Tdbsam Nisplussam LDAP Xml NIS+ IDMAP Getpwnam() POSIX Nsswitch /etc/passwd PDC

  5. What is a 'SAM' Users: Username Full Name, Description SID Password Home, Profile, ... locations Logon restrictions Hours Machines Expiry 'Times' Dialup Properties Machines, Trusted Domains...

  6. Our passdb Loadable modules Weak group support No privileges support Arbitrary RID support Passdb Smbpasswd Stores only passwords Tdbsam Stores all the user informations as NT4 does Easy to set up Easy to back-up through tdbdump

  7. Our passdb Ldapsam Stores all the user informations as NT4 does Easy Unix/Samba user information coupling Easy replication over multiple servers Easy multi-DC/multi-Server infrastructures Not so easy to setup for non-experienced admins Easy integration with other services (Mail, ...)

  8. So where is the problem? Windows uses Security IDs (SID), not UIDs or GIDs. A SID can identify more things than merely users or groups World (S-1-1-0) Local System (S-1-5-18) A domain (S-1-5-21-1721414241-570541885-638950510) All authenticated users (S-1-5-11) ... Windows have a unified case-insensitive name space. NT Local Groups can contain groups and users Posix groups can contain only users.

  9. Names and ID spaces POSIX Win32 User Names User/Group Names User Names Workstation Names GIDs UIDs SIDs

  10. The Ideal SAM Only SIDs no UID/GIDs Unified case-insensitive name space Never check unix users Trust the idmap system Possibly users are provided back to the underlying system through winbindd

  11. IDMAP SIDs Domain A Domain B Workstation Unkown UIDs GIDs

  12. IDMAP sID<->[u,g]ID MAPping Only map SIDs to UID/GIDs, nothing else It is a “persistent cache” SID<->[U,G]ID mapped when(if) needed

  13. IDMAP with multiple servers Central IDMAP Server IDMAP Mapping Requests Local IDMAP Local IDMAP Local IDMAP

  14. IDMAP with multiple servers UIDs,GIDs allocate randomly All kept consistent by a central server The central server handle all the mappings Peripheral servers keep a “permanent cache”

  15. [U,G]ID Exhaustion SID space is a lot bigger than UID/GID space changing a mapping can be a security issue Changes will be an admin responsibility A notification mechanism based on sequence numbers will be implemented

  16. SAM vs GUMS A brief history of the internal fork Passdb SAM GUMS Dead paths Multiple domain support Multiple backends active at same time What we wanted: The perfect SAM (accounts, privs, ecc..) The perfect IDMAP Winbind on PDC

  17. How to Proceed Real needs: A system that is good enough Samba 3.0 Out! What will be into 3.0? IDMAP A possibly improved passdb Winbind on PDC (?)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HEALTHY TEETH AND GUMS AN J A L I G U P TA D E N T I S T 3 IMPORTANT THINGS WE MUST DO 1.

HEALTHY TEETH AND GUMS AN J A L I G U P TA D E N T I S T 3 IMPORTANT THINGS WE MUST DO 1.

HEALTHY TEETH AND GUMS AN J A L I G U P TA D E N T I S T 3 IMPORTANT THINGS WE MUST DO 1. BRUSH TWICE A DAY FOR 2-3 MINUTES If you are under 8 years of age, you need help from an adult JUST SPIT OUT THE TOOTHPASTE AFTER BRUSHING AND

325 views • 15 slides
Grid User Management Service GUMS Tutorial Carlos Fernando Gamboa Brookhaven National Laboratory

Grid User Management Service GUMS Tutorial Carlos Fernando Gamboa Brookhaven National Laboratory

Grid User Management Service GUMS Tutorial Carlos Fernando Gamboa Brookhaven National Laboratory Grid Colombia 2010, Bucaramaga, Colombia March 1-5 2010. Tutorial Goal With the aim of introducing system administrators to GUMS software the

459 views • 19 slides
Genetic structuring of Genetic structuring of spotted gums spotted gums Merv Shepherd Merv

Genetic structuring of Genetic structuring of spotted gums spotted gums Merv Shepherd Merv

Genetic structuring of Genetic structuring of spotted gums spotted gums Merv Shepherd Merv Shepherd Shabana Kasam Kasam Shabana Gary Ablett Ablett Gary Joel Ochieng Ochieng Joel Allison Crawford Allison Crawford Sub-tropical

776 views • 44 slides
What does a healthy cat look like? Eyes, mouth and ears Clear and bright eyes Clean ears

What does a healthy cat look like? Eyes, mouth and ears Clear and bright eyes Clean ears

What does a healthy cat look like? Eyes, mouth and ears Clear and bright eyes Clean ears with no waxy build up Tongue and gums pink and moist No ulcers, redness or bleeding around nose and mouth YES gums healthy NO

203 views • 16 slides
EXPERIENCE VIRTUAL REALITY VIRTUAL REALITY MARKET VR will be bigger than TV Virtual

EXPERIENCE VIRTUAL REALITY VIRTUAL REALITY MARKET VR will be bigger than TV Virtual

VIRTUAL REALITY HEADSET FOR SMARTPHONES EXPERIENCE VIRTUAL REALITY VIRTUAL REALITY MARKET VR will be bigger than TV Virtual reality is a medium, a Virtual reality was once the in 10 years. means by which humans can dream of

535 views • 16 slides
Oral Health Promotion For Healthy Places Joanne Nejrup Community Dental Services Unhealthy

Oral Health Promotion For Healthy Places Joanne Nejrup Community Dental Services Unhealthy

Oral Health Promotion For Healthy Places Joanne Nejrup Community Dental Services Unhealthy Mouth Clean and debris-free Tooth decay/ Cavities Gum enlargement/ Inflammation Gums are pale pink Bleeding gums Do not bleed Bad breath Tooth

331 views • 18 slides
Spatial Illusions: From Mirrors to Virtual Reality David Chalmers Virtual Reality Virtual

Spatial Illusions: From Mirrors to Virtual Reality David Chalmers Virtual Reality Virtual

Spatial Illusions: From Mirrors to Virtual Reality David Chalmers Virtual Reality Virtual reality technology: produces experiences as of an external reality grounded in a computer simulation. Virtual Reality and Philosophy

1.01k views • 76 slides
Rockem Reality Rockem Reality | Punch Detection Method Hand Acceleration Measurement

Rockem Reality Rockem Reality | Punch Detection Method Hand Acceleration Measurement

Purple A Mockup Review Rockem Reality Rockem Reality | Punch Detection Method Hand Acceleration Measurement Rockem Reality | Robot Punching Emulation Rockem Reality | Mockup Product: User Input Accelerometer Gloves Rockem Reality |

568 views • 18 slides
EON Company Overview 2017 Knut Henrik Aas CEO, EON Reality Norway AS EON Reality, Inc.| M: +47

EON Company Overview 2017 Knut Henrik Aas CEO, EON Reality Norway AS EON Reality, Inc.| M: +47

EON Company Overview 2017 Knut Henrik Aas CEO, EON Reality Norway AS EON Reality, Inc.| M: +47 934 00 154 skype: knuthenrikaas Facebook | Twitter | LinkedIn | Instagram Click to watch video About EON Reality Principles Global Leader in VR

516 views • 18 slides
The Reality Check HC2 Needs April 17, 2020 A BETTER HC2 | 1 DISCLAIMER THIS PRESENTATION IS

The Reality Check HC2 Needs April 17, 2020 A BETTER HC2 | 1 DISCLAIMER THIS PRESENTATION IS

The Reality Check HC2 Needs April 17, 2020 A BETTER HC2 | 1 DISCLAIMER THIS PRESENTATION IS FOR DISCUSSION AND GENERAL INFORMATIONAL PURPOSES ONLY. IT DOES NOT HAVE REGARD TO THE SPECIFIC INVESTMENT OBJECTIVE, FINANCIAL SITUATION, SUITABILITY,

366 views • 32 slides
VIRTUAL REALITY MEDICAL TRAINING Jack Pottle NAMDET 2018 1 2 3 4 Overview Myth-bust Inform

VIRTUAL REALITY MEDICAL TRAINING Jack Pottle NAMDET 2018 1 2 3 4 Overview Myth-bust Inform

VIRTUAL REALITY MEDICAL TRAINING Jack Pottle NAMDET 2018 1 2 3 4 Overview Myth-bust Inform decisions Discussion VR, AR, MR - theory Overview and Stimulate discussion Cut through the and practice hype evidence about future

681 views • 43 slides
Challenges in Networking to Support Augmented Reality and Virtual Reality Cedric Westphal

Challenges in Networking to Support Augmented Reality and Virtual Reality Cedric Westphal

Challenges in Networking to Support Augmented Reality and Virtual Reality Cedric Westphal Huawei IETF98- ICNRG Meeting Thursday 3/30/17 Trends in AR/VR Augmented Reality and Virtual Reality are going to create tremendous growth in

632 views • 15 slides
AUGMENTED REALITY A complete overview of what augmented reality is and how it will revolutionize

AUGMENTED REALITY A complete overview of what augmented reality is and how it will revolutionize

AUGMENTS ESSENTIAL GUIDE TO AUGMENTED REALITY A complete overview of what augmented reality is and how it will revolutionize business. INTRODUCTION This ebook offers helpful insight on augmented reality and how it applies to business from

562 views • 31 slides
Whats the reality? Are you agile enough to adapt? Whats the reality? The shape of the

Whats the reality? Are you agile enough to adapt? Whats the reality? The shape of the

Whats the reality? Are you agile enough to adapt? Whats the reality? The shape of the market 9/10 people say 85% of all customer interactions will be handled Collaborative services have without a human agent by 2020 improved

526 views • 8 slides
Is Augmented Reality the Future? TJ VanToll (@tjvantoll) Augmented Reality TJ VanToll

Is Augmented Reality the Future? TJ VanToll (@tjvantoll) Augmented Reality TJ VanToll

Is Augmented Reality the Future? TJ VanToll (@tjvantoll) Augmented Reality TJ VanToll Principal Developer Advocate @tjvantoll Agenda Brief history of AR AR today Building AR apps Augmented Reality (AR) is the integration of

875 views • 48 slides
Planar Augmented Reality Kameron Kincade What is Augmented Reality? Augment : to make

Planar Augmented Reality Kameron Kincade What is Augmented Reality? Augment : to make

Planar Augmented Reality Kameron Kincade What is Augmented Reality? Augment : to make greater or more intense Reality : perception of the real world Why Planar Objects? They are Common They are Detectable

488 views • 25 slides
Design and Application of a Scalable Virtual Organization Privileges Management Environment Nanbor

Design and Application of a Scalable Virtual Organization Privileges Management Environment Nanbor

Design and Application of a Scalable Virtual Organization Privileges Management Environment Nanbor Wang &lt;nanbor@txcorp.com&gt; Gabriele Garzoglio &lt;garzoglio@fnal.gov&gt; Balamurali Ananthan &lt;bala@txcorp.com&gt; Steven Timm

460 views • 23 slides
Proverbs Series Lesson #026 August 4, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert

Proverbs Series Lesson #026 August 4, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert

Proverbs Series Lesson #026 August 4, 2013 Dean Bible Ministries www.deanbible.org Dr. Robert L. Dean, Jr. Prov. 14:12, There is a way that seems right to a man, but its end is the way of death. Proverbs Guide for Skillful Living

235 views • 19 slides
&gt; in Selected Grid Infrastructures and using a subset of the available technologies (2010)

&gt; in Selected Grid Infrastructures and using a subset of the available technologies (2010)

Grid Technologies for AAI* &gt; in Selected Grid Infrastructures and using a subset of the available technologies (2010) David Groep, Nikhef with graphics by many others from publicly available sources ... based on the ISGC2010 Security

905 views • 52 slides
5/13/2019 Kit for New Parents DISTRIBUTION 1 Vicki Law Kit for New Parents Distributor 2

5/13/2019 Kit for New Parents DISTRIBUTION 1 Vicki Law Kit for New Parents Distributor 2

5/13/2019 Kit for New Parents DISTRIBUTION 1 Vicki Law Kit for New Parents Distributor 2 Introducing Vicki Law Non profit executive with 30 years of experience Worked for Girl Scouts of the USA in Napa and Solano counties;

406 views • 11 slides
Application of STREAMFINDER onto ESA/Gaia DR2 w/ Rodrigo A. Ibata and Nicolas F. Martin

Application of STREAMFINDER onto ESA/Gaia DR2 w/ Rodrigo A. Ibata and Nicolas F. Martin

Stellar Stream map of the Milky Way Halo : Application of STREAMFINDER onto ESA/Gaia DR2 w/ Rodrigo A. Ibata and Nicolas F. Martin @kmalhan07 Khyati Malhan PhD Student Supervisor: Dr. Rodrigo Ibata Stellar Streams Pal 5 stream. Discovered by

479 views • 26 slides
Accelerating our strategy: GSK to acquire full ownership of Consumer Healthcare Business Buyout

Accelerating our strategy: GSK to acquire full ownership of Consumer Healthcare Business Buyout

Accelerating our strategy: GSK to acquire full ownership of Consumer Healthcare Business Buyout of Novartis stake Strategic review of Horlicks and other Consumer Healthcare Nutrition products Cautionary statement regarding forward-looking

418 views • 28 slides
The Internet Route Registry and You: A Tier 1 Network Perspective Brian Foust Sr. Director,

The Internet Route Registry and You: A Tier 1 Network Perspective Brian Foust Sr. Director,

The Internet Route Registry and You: A Tier 1 Network Perspective Brian Foust Sr. Director, Customer Solutions NTT Communications Global IP Network AS2914 What is the Internet Route Registry? A distributed database of route and

417 views • 39 slides
Noninvasive Power Metering for Mobile and Embedded Systems

Noninvasive Power Metering for Mobile and Embedded Systems

Noninvasive Power Metering for Mobile and Embedded Systems Guoliang Xing Associate Professor Department of Computer Science and Engineering Michigan

446 views • 11 slides

More recommend