|
Note
Machine (computer) accounts are used in the Windows NT OS family to store security
credentials for domain member servers and workstations. When the domain member
starts up, it goes through a validation process that includes an exchange of
credentials with a domain controller. If the domain member fails to authenticate
using the credentials known for it by domain controllers, the machine will be refused
all access by domain users. The computer account is essential to the way that MS
Windows secures authentication.
The creation of UNIX system accounts has traditionally been the sole right of
the system administrator, better known as the root account.
It is possible in the UNIX environment to create multiple users who have the
same UID. Any UNIX user who has a UID=0 is inherently the same as the
root account user.
All versions of Samba call system interface scripts that permit CIFS function
calls that are used to manage users, groups, and machine accounts
in the UNIX environment. All versions of Samba up to and including version 3.0.10
required the use of a Windows administrator account that unambiguously maps to
the UNIX root account to permit the execution of these
interface scripts. The requirement to do this has understandably met with some
disdain and consternation among Samba administrators, particularly where it became
necessary to permit people who should not possess root-level
access to the UNIX host system.
|
