I have just started testing of winbindd, to make it so that NT users may or may not have UNIX accounts. I have run into two problems. I am fishing for solutions that work for me and others.
1. UNIX UID/GID assignment

The incremental UNIX UID and GID assignment method seems great for standalone samba servers or standalone Unix workstations. When you introduce NFS it becomes a mess. To address this, I have hacked up winbindd to get non-cached UIDs from an Oracle database. Thus, our Samba server no longer needs to use NIS, Unix accounts do not need to be created in advance, and if a Unix account is created at some time, the UID is consistent with the UID that the user will get at some time.

Would it be useful to make the UID/GID miss code allow for a generic plugin? I am thinking of something along the lines of

    BOOL local_lookup_uid(const char *domain, const char *user, uid_t *uid);
    BOOL local_lookup_gid(const char *domain, const char *user, gid_t *gid);

Those functions would appear in a shared library referenced by a new configuration option "winbind id library". This would make it easy for people to write a few lines of clean code rather than hacking the internals of winbindd to integrate this with their enterprise. I envision the first plugin to be one that is able to read from a flat file with lines like "domain:user:uid".

Would it be better to just have a tool that can be used to populate the .tdb file and have winbindd not assign new UIDs or GIDs?

2. Default GID

It would be useful to be able to create a group mapping so that all users don't end up creating all their files with a GID of "Domain Users". That is, I would like some method to say that bob and sue get group id 123 when they log in, but frank gets gid 327. My thought is to do a flat file (domain:user:gid) that gets loaded into the tdb file, either onesy twosy or in bulk.

Is anyone else working these issues? Are other solutions in the works? Would decent code implementing anything that I mention here be included in future releases?

Mike
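A sketch of the flat-file plugin proposed in the message above, added here as an example; it is not code from the original post or from Samba. The `BOOL` typedef, the `ID_MIN` floor, the `uid_map_path` placeholder and the `flat_lookup` helper are assumptions, and a `local_lookup_gid` would do the same against its own file.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

typedef int BOOL;                      /* stand-in for Samba's BOOL (assumption) */
#define ID_MIN 1000UL                  /* assumed floor: never map to root/system ids */
const char *uid_map_path = "uid.map.example";    /* placeholder, not a Samba path */

/* Find "domain:user:id" in fp. First match wins; a bad id on it fails closed. */
static BOOL flat_lookup(FILE *fp, const char *domain, const char *user,
                        unsigned long *id)
{
    char line[512], *u, *n, *end;
    unsigned long v;
    int c;

    while (fgets(line, sizeof(line), fp) != NULL) {
        if (strchr(line, '\n') == NULL && !feof(fp)) {
            while ((c = fgetc(fp)) != EOF && c != '\n') { }  /* drop over-long line */
            continue;
        }
        line[strcspn(line, "\r\n")] = '\0';
        if ((u = strchr(line, ':')) == NULL) continue;       /* malformed: skip */
        *u++ = '\0';
        if ((n = strchr(u, ':')) == NULL) continue;
        *n++ = '\0';
        if (strcmp(line, domain) != 0 || strcmp(u, user) != 0) continue; /* exact match */
        if (*n < '0' || *n > '9') return 0;  /* strtoul alone would accept "-1", " 7" */
        errno = 0;
        v = strtoul(n, &end, 10);
        if (errno != 0 || *end != '\0' || v < ID_MIN || v > INT_MAX) return 0;
        *id = v;
        return 1;
    }
    return 0;
}

BOOL local_lookup_uid(const char *domain, const char *user, uid_t *uid)
{
    unsigned long v = 0;
    FILE *fp = fopen(uid_map_path, "r");
    BOOL ok = fp != NULL && flat_lookup(fp, domain, user, &v);
    if (fp != NULL) fclose(fp);
    if (ok) *uid = (uid_t)v;           /* caller's value is untouched on a miss */
    return ok;
}
```

A map file like this decides which UNIX identity a domain user receives, so it should be writable only by root, and a miss should leave the decision to winbindd rather than fall back to a default id.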