[Pkg-samba-maint] Bug#671926: Bug#671926: samba: Shouldn't try to initiate the passdb database if "passdb backend= ldapsam"

Christian PERRIER bubulle at debian.org
Thu May 10 12:04:15 UTC 2012


Quoting Christian Perrier (bubulle at debian.org):
> Package: samba
> Version: 2:3.6.5-1
> Severity: wishlist
> 
> After a discussion with Ivo De Decker at SambaXP, I noticed that we
> try to create the passdb database in all cases, which:
> - takes ages with thousands of users (so, we should at least print
> something to avoid users thinking that the upgrade process is hung)
> - is useless if an LDAP backend is used

FTR, here's the discussion I had with Steve (vorlon) on IRC about this,
after I proposed entirely dropping the pieces of code that
automatically create smb password file entries at install time:

10:01 < vorlon> bubulle: so if we don't do the import at install time, how do we ensure that the system is usable after install?  It's not usable without passdb entries, and nothing else populates them automatically
10:01 < vorlon> I'm happy to get rid of this if there's a better mechanism
10:03 <@abartlet> vorlon: it doesn't do anything
10:03 < vorlon> hmm?
10:03 <@abartlet> vorlon: smbpasswd file entries without passwords are pretty pointless
10:03 <@abartlet> no other distribution auto-imports
10:03 < vorlon> well
10:04 < vorlon> except there's pam_smbpass which can be used to set the password for the passwordless entry
10:04 < vorlon> and IIRC it cares about whether the account already exists
10:08 <@abartlet> vorlon: then make it a step for pam_smbpass only
10:09 <@abartlet> vorlon: or perhaps I can help by removing the script from master? ;-)
10:09 < vorlon> pam_smbpass only> hmm, could do
10:09 < vorlon> historically, samba would display acls differently to clients based on whether accounts existed in the passdb; is that no longer relevant?
10:10 <@abartlet> we still do that
10:10 < vorlon> ok
10:10 < vorlon> maybe not a compelling reason to do the import, but it does mean the import isn't a no-op
10:12 <@abartlet> the problem with a one-time import is nothing keeps it in sync
10:12 <@abartlet> so you create two classes of users: those present at install time, and others
10:14 < vorlon> true enough
10:15 < vorlon> though we could arguably hook into adduser, if creating the passdb entries was the right thing to do
10:20 <@abartlet> vorlon: assuming user management is local...
10:27 < bubulle> indeed it can make sense for local users but, really, I think that ppl who have such setup do already have local user creation scripts that take care of creating the user *and* populate the smb passwords
10:27 < bubulle> at least, I think the benefit is not balanced by the various drawbacks

