Accessing LOCAL files after login to NT-4-WS via Samba P

Ed Bradford egb at us.ibm.com
Wed Feb 18 18:55:17 GMT 1998


When a workstation logs into a domain controller with the correct credentials
(name, password), the domain controller returns a binary user token which
consists of
 USER SID
 all Global Group SIDs
 list of privileges the user holds.

Samba has to manufacture a repeatable 128 bit "thing" which can be identified
by the workstation as a SID. Some insight into how the SID is manufactured on a
real domain controller would be useful here. That means that whenever a user is
created, a SID must also be created which is unique in all the world and in all
time. How Groups are mapped and what they mean to NT is another area that has
to be understood. However, basically, a group is merely a collection of SIDs
and has its own SID. In NT, a group can own a file. MS recommends groups to
administrators because it is easier to add and remove a person from a group
than searching a file system for a particular SID.

Ed Bradford.



samba-ntdom at samba.anu.edu.au on 02/18/98 10:58:05 AM
Please respond to bpowell at osc.edu @ internet
To: samba-ntdom at samba.anu.edu.au @ internet
cc:
Subject: Accessing LOCAL files after login to NT-4-WS via Samba PDC


I don't see this particular topic anywhere in the archives of this mailing
list, so...

We have finally gotten the Samba PDC code running pretty well and have users
logging into their NT4 workstations using a Samba supplied domain login.  That
part is pretty neat in and of itself!

The problem is that for the purposes of file permissions and ownership, the
NT workstation does not recognize the domain username as a valid user.
Thus the only files a user can modify on the local workstation are ones where
everyone has full access.  They cannot "own" any files, because the file
security dialog cannot find their username in the domain.  Is this simply due
to the incomplete DC support that Samba supplies in its current state, or are
we doing something wrong?

Thanks in advance,


--
Brian Powell            <bpowell at osc.edu>           (614) 292-6017
       Sr. Programmer/Analyst, The Ohio Supercomputer Center
   PGP public key: "finger -l bpowell at osc.edu" (Key ID 6F4E0A0D)
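
Added example, not part of either message and not Samba's code: one way a Unix-hosted domain controller could produce the repeatable user and group SIDs that the reply at the top describes, together with the binary SID encoding. The domain SID is a constructed sample, and `RID_BASE` and the uid/gid-to-RID mapping are assumptions made for illustration.

```python
import struct

# Constructed sample domain SID; not a value from the thread.
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
RID_BASE = 1000  # assumed: lower RIDs are left for built-in accounts


def uid_to_rid(uid):
    """Hypothetical mapping: users take even offsets above RID_BASE."""
    return uid * 2 + RID_BASE


def gid_to_rid(gid):
    """Groups take odd offsets, so a user and a group never share a RID."""
    return gid * 2 + RID_BASE + 1


def sid_to_bytes(sid):
    """Encode the string form into the binary SID layout."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("too many sub-authorities")
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def sid_from_bytes(blob):
    """Decode a binary SID back to S-R-A-... form, checking its length."""
    if len(blob) < 8 or len(blob) != 8 + 4 * blob[1]:
        raise ValueError("truncated or oversized SID")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % blob[1], blob, 8)
    return "-".join(["S", str(blob[0]), str(authority)] + [str(s) for s in subs])


def build_token(uid, gids):
    """User SID and group SIDs; the privilege list is left out."""
    return {"user_sid": "%s-%d" % (DOMAIN_SID, uid_to_rid(uid)),
            "group_sids": ["%s-%d" % (DOMAIN_SID, gid_to_rid(g)) for g in gids]}
```

Because each SID is computed from the domain SID and the Unix id alone, the same account yields the same SID at every logon, which is what lets a workstation ACL keep referring to it.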
