Tuesday, April 21, 2009

samba3 document note

winbind
Winbind uses a UNIX implementation of Microsoft RPC calls, Pluggable Authentication Modules (PAMs), and the name service switch (NSS) to allow Windows NT domain users to appear and operate as UNIX users on a UNIX machine.

Summary:
These technologies will be used:
1. M$ RPC (implemented by winbind)
2. PAM
3. NSS

I:
If Windows is the primary domain controller and Samba is the slave domain, Samba needs to map users and groups onto the system (via M$ RPC calls and nsswitch). User authentication passwords stay on the Windows machine (like AD), and users log in to Linux through a PAM module.

We divide the unified logon problem for UNIX machines into three smaller problems:

* Obtaining Windows NT user and group information.
* Authenticating Windows NT users.
* Password changing for Windows NT users.

II:
If Samba is the primary domain controller and Windows is the slave domain, Windows needs to get user and group information onto the system. User authentication passwords stay on the Linux machine (like LDAP), and users log in to Windows through M$ RPC.


what are M$ RPC calls?

The Microsoft Remote Procedure Call (MSRPC) system is used for most network-related operations between Windows NT machines, including remote management, user authentication, and print spooling. Although initially this work was done to aid the implementation of Primary Domain Controller (PDC) functionality in Samba, it has also yielded a body of code that can be used for other purposes, just like winbind:
Winbind uses various MSRPC calls to enumerate domain users and groups and to obtain detailed information about individual users or groups. Other MSRPC calls can be used to authenticate NT domain users and to change user passwords. By directly querying a Windows PDC for user and group information, Winbind maps the NT account information onto UNIX user and group names.


Domain users authenticate via RPC within the domain forest.

what is NSS? (Name Service Switch)

The description below is from Wikipedia:

In Unix-like operating systems, the Name Service Switch (NSS) allows Unix configuration databases to be provided by different sources.

How many kinds of sources does NSS support? By default, you can check in /etc/nsswitch.conf.

When a system user or program wants to look up one of these databases, the lookup is hooked into the operating system at a low level.
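
As an added example (not from the original post or the Samba documentation), this Python code parses nsswitch.conf syntax and reports where winbind sits in the lookup order for the passwd and group databases. The sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample in /etc/nsswitch.conf syntax (not taken from the post).
SAMPLE = """\
# /etc/nsswitch.conf
passwd:   files winbind
group:    winbind files
shadow:   files
hosts:    files [NOTFOUND=return] dns
"""

ACTION = re.compile(r"\[[^\]]*\]")  # bracketed items such as [NOTFOUND=return]


def parse_nsswitch(text):
    """Return {database: [source, ...]} with sources in lookup order."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or ":" not in line:
            continue
        database, rest = line.split(":", 1)
        rest = ACTION.sub(" ", rest)            # actions are not sources
        table[database.strip()] = rest.split()
    return table


def winbind_report(table, databases=("passwd", "group")):
    """Classify how each account database uses winbind.

    absent       - domain accounts are not resolved through NSS
    only         - winbind is listed, local files are not
    before-files - winbind is consulted before local files
    after-files  - local files are consulted first, then winbind
    """
    report = {}
    for db in databases:
        sources = table.get(db, [])
        if "winbind" not in sources:
            report[db] = "absent"
        elif "files" not in sources:
            report[db] = "only"
        elif sources.index("winbind") < sources.index("files"):
            report[db] = "before-files"
        else:
            report[db] = "after-files"
    return report


if __name__ == "__main__":
    for db, state in winbind_report(parse_nsswitch(SAMPLE)).items():
        print(f"{db}: {state}")
```

Pointing `parse_nsswitch` at the contents of the real /etc/nsswitch.conf shows whether local accounts are resolved before domain accounts on that machine.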


BTW:
what is the difference between the C standard library and the GNU C Library?


what is PAM? (Pluggable Authentication Modules)

what is NIS+?
