Continuing the discussion from Shared Folders - Samba:
We can try and analyse the base problem and maybe we can find a elegant solution.
Can someone explain the relation of the user/ibay/samba in more detail?
all of these objects come from the same database ‘accounts’. That means that you cannot have the same name for a Ibay/user/group.
I can understand for users and groups, but it is a pity for ibay.
for the samba relation, I’m off topic
it’s so by design… each user, ibay etc is an entry in passwd file, and you can’t have 2 entries with the same username
for ibays, the username is required fot web authentication (the username is the ebay name, the password is the one you choose)
I’ve took a quick look at the esmith::AccountsDB.
Adding a Unique Identifier and descriptor could solve this issue. Relying on names is not optimal since we have issues like this.
This is only a superficial analysis, Maybe we can open a new thread ?
as long as we rely on passwd, we can have separated dbs but can’t have 2 entity with the same user (in passwd meaning)
I also thought that having a separate db can be used. But then we can also have this issue. If you do queries and you end up parsing the two db’s you can also have conflicts. And a password can be the same for more than one user/resource.
This is why using a UID and DES could solve this. the UID will be a unique number (string) and the DEScriptor can be a string or qualifier to show the type of resource. Group, Share, User etc.
yes, sure… but the first step is to abandon the passwd approach 
Yes I agree on this also.
This means that a more in depth discussion and analysis is required.
Maybe someone with more knowledge of the inner workings of this sub_system can tell us more?
we have to move to a full ldap environment… but IIRC samba4 is on the to-do list too, so we can’t simply think to move to openldap…
all the user/groups/ibays/$whatever entity must be reworked thinking in a Samba4 perspective, so it’s a quite big chunck of work…
Why did you complain? Think about a naming convention for yout server, for your network, for your clients, and so on…
If you have a user: Toto, make a group g_toto, an ibay ib_toto, a share sh_toto…
If you’re being stuck for this trivail naming convention…
Use your imagination, make a naming standardization or convention 
that’s a good suggestion and often it is used… but more often customers want a Invoicing group having access to an Invoicing share… giving them an ib_invoicing share (which is the same as above) is not enough 
Shared folders and users can be easly moved into separate dbs, since we do not need any passwd entry for shared folders.
This can be achieved using a migration fragment, but then we need to re-check all existing scripts and template which are using the accounts db.
After the 7 release, we also have plans to get rid of accounts db and use something newer like sssd.
3 Likes
