[wplug] samba "machines" group

Chester R. Hosey Chester.Hosey at gianteagle.com
Wed Jun 29 15:45:02 EDT 2005 

On Wed, 2005-06-29 at 14:52 -0400, Dane Miller wrote:
> Is there a correct GID for the "machines" group in Linux?  This will
> be 
> the primary GID for Samba workstation accounts.  Who decides what is 
> correct?  LSB?
> 
> Dane

I would say that it depends on where you're using the GID, and for what
specific purpose.

Unless you're trying to share a UID or GID across systems, you can
pretty much assign whatever you like. Beyond using UID 0 for superuser I
don't believe there's much of a standard in place. This is especially
true when you're not using NFS or something similar which depends on IDs
to match between systems.

You said Samba workstation accounts -- this doesn't make it clear
whether these are accounts on a central server used for Samba to
authenticate Windows logins, or for some other purpose. If the former is
the case, you don't need to do anything beyond finding an unused GID on
the server as the GIDs won't be used across the SMB protocol.

If you need to synchronize UID and GID assignments between machines due
to NFS sharing or similar, that's another story. If you have a small
number of machines you might try to find a GID which is unused across
all machines. If you're bored or have a larger setup you'll want to use
something like NIS+, which is the de facto standard for *NIX account
management across networks (especially those involving NFS).

If it's a huge network you'll want to play with OpenLDAP or another
directory server. It's a more flexible and robust solution, but in this
case flexible and robust can also mean difficult to manage. Add in
Kerberos and you've almost duplicated Microsoft Active Directory's
functionality with the use of Microsoft's Services for UNIX for UID
mapping. That is, except for having a nice pointy-clicky interface --
you'll still have to do a good bit of scripting for user management.

Let me know if there's anything more specific you'd like to know about,
or feel free to clarify your question by describing your setup in more
detail.

Chet

More information about the wplug mailing list