[wplug] samba "machines" group

Dane Miller dane at olneyfriends.org
Wed Jun 29 16:24:55 EDT 2005


Thanks for the reply.  

I'm dealing with a server (Debian Sarge) doing NFS/NIS and Samba.  I'm
trying to set up a workstation with Ubuntu so it gets users and groups
over NIS.  There are several GIDs < 1000 (system GIDs) that conflict
between the server and the workstations.  For example, the GID 110 is
"machines" on the server and "messagebus" on the Ubuntu workstation.

Note that it is possible to configure NIS to skip the system GIDs and
start above 1000.  While this method would eliminate GID conflicts, it
would also prevent users from accessing system resources like cdrom and
floppy, whose GIDs are 10-115.

So I think I need to synchronize GIDs on the NIS server and the
workstations.  And that's where my original question comes in... is
there a standard GID assignment in Linux?  What is the correct GID for
common system groups?  Does Linux Standard Base specify this?

Dane

On Wed, 2005-06-29 at 15:45 -0400, Chester R. Hosey wrote:
> On Wed, 2005-06-29 at 14:52 -0400, Dane Miller wrote:
> > Is there a correct GID for the "machines" group in Linux?  This will
> > be the primary GID for Samba workstation accounts.  Who decides what is
> > correct?  LSB?
> > 
> > Dane
> 
> I would say that it depends on where you're using the GID, and for what
> specific purpose.
> 
> Unless you're trying to share a UID or GID across systems, you can
> pretty much assign whatever you like. Beyond using UID 0 for superuser I
> don't believe there's much of a standard in place. This is especially
> true when you're not using NFS or something similar which depends on IDs
> to match between systems.
> 
> You said Samba workstation accounts -- this doesn't make it clear
> whether these are accounts on a central server used for Samba to
> authenticate Windows logins, or for some other purpose. If the former is
> the case, you don't need to do anything beyond finding an unused GID on
> the server as the GIDs won't be used across the SMB protocol.
> 
> If you need to synchronize UID and GID assignments between machines due
> to NFS sharing or similar, that's another story. If you have a small
> number of machines you might try to find a GID which is unused across
> all machines. If you're bored or have a larger setup you'll want to use
> something like NIS+, which is the de facto standard for *NIX account
> management across networks (especially those involving NFS).
> 
> If it's a huge network you'll want to play with OpenLDAP or another
> directory server. It's a more flexible and robust solution, but in this
> case flexible and robust can also mean difficult to manage. Add in
> Kerberos and you've almost duplicated Microsoft Active Directory's
> functionality with the use of Microsoft's Services for UNIX for UID
> mapping. That is, except for having a nice pointy-clicky interface --
> you'll still have to do a good bit of scripting for user management.
> 
> Let me know if there's anything more specific you'd like to know about,
> or feel free to clarify your question by describing your setup in more
> detail.
> 
> Chet
> 
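Added example, not part of the original thread: a shell function that compares a copy of the server's /etc/group with a workstation's and lists system groups that share a GID under different names, or a name under different GIDs, which is the kind of mismatch described above for GID 110. The function names, the 1000 cutoff default and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report system-group mismatches
# between two group(5) files before merging them into one NIS map.
# Usage: gid_conflicts SERVER_GROUP WORKSTATION_GROUP [MAX_GID]
#   GID <gid> <server-name> <workstation-name>    same GID, different group
#   NAME <name> <server-gid> <workstation-gid>    same group, different GID
gid_conflicts() {
    awk -F: -v max="${3:-1000}" '
        /^[#+-]/ { next }                  # comments and NIS compat entries
        $3 !~ /^[0-9]+$/ { next }          # blank or malformed lines
        { gid = $3 + 0 }
        FILENAME == ARGV[1] {              # first file: the server
            if (gid < max + 0) sname[gid] = $1
            sgid[$1] = gid
            next
        }
        {                                  # second file: the workstation
            if (gid < max + 0 && (gid in sname) && sname[gid] != $1)
                print "GID", gid, sname[gid], $1
            if (($1 in sgid) && sgid[$1] != gid && (gid < max + 0 || sgid[$1] < max + 0))
                print "NAME", $1, sgid[$1], gid
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data; only the GID 110 clash is taken from the post.
sample_run() {
    d=$(mktemp -d) || return 1
    cat > "$d/server" <<'EOF'
root:x:0:
cdrom:x:24:dane
floppy:x:25:dane
plugdev:x:46:
machines:x:110:
EOF
    cat > "$d/workstation" <<'EOF'
root:x:0:
cdrom:x:24:
floppy:x:25:
plugdev:x:104:
messagebus:x:110:
+:::
EOF
    gid_conflicts "$d/server" "$d/workstation" "${1:-1000}"
    rm -rf "$d"
}

sample_run
```

Each GID line is a group whose files on an NFS export would be owned by a different group on the other machine; each NAME line is a group whose members would lose access to local devices or files if the NIS entry replaced the local one.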