group RIDs (Modem_Users)

Marc Sherman marc at reston.ans.net
Mon May 4 13:41:03 GMT 1998


At 12:21 PM 5/4/98 +1000, David Bannon wrote:
>At 22:58 30/04/1998 +1000, Luke Kenneth Casson Leighton wrote:
>>On Wed, 29 Apr 1998, various people wrote:
>>
>>> If so, should someone post a list of some of the more popular group RID's 
>.
>>> i already have the list from winnt.h,
>>> but i was not aware that there are more: things like "modem users".
>.
>>> add "domain groups = the RID" in the smb.conf
>
>getsid.exe tells me :
> 
>The SID for account BIO-LAB\Modem_Users is
>S-1-5-21-871122656-1776954347-317593308-1004

I believe that "S-1-5-21-871122656-1776954347-317593308" is the domain SID
for BIO-LAB, and 1004 is the RID for "modem users". More generally, for
user and group SID's at least, I'll go out on a limb and state that
everything up to but *not* including the last 32 bits is the domain SID,
and the last 32 bits is always the RID. IOW, user and group SID's always
contain the domain SID.

>
>Now, I have to ask, which RID (of the last four) should be mentioned in the
>smb.conf file ?

Correct me if I'm wrong, but I believe there is *always* only 1 RID, which
is also counted as a subauthority, and there can be from 1 to 8
subauthorities in a SID. In this particular SID, we have 5 subauthorities
(21-871122656-1776954347-317593308-1004), and the last subauthority, 1004,
is the RID.

>I have checked winnt.h and Modem_Users are not mentioned, I don't
>understand why there are four RIDs after the S-1-5-21- bit. The MS
>Developer site does not seem to list anything, could it be that these
>numbers are made up on the fly and therefore will be different on every
>system ?

Yup, I've never found any detailed explanation about subauthorities. My
only guess is that MS needs the extra bytes in order to ensure that a
domain SID is unique across space and time. If they only had the 48 bit
identifier authority to work with, (which is the 5 in the above SID), they
probably wouldn't be able to make this claim. Having another 28 bytes gives
them more leeway.


..Marc

>
>David.
>
>
>
>
>------------------------------------------------------------
>David Bannon                      D.Bannon at latrobe.edu.au
>School of Biochemistry            Phone 61 03 9479 2197
>La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
>Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
>------------------------------------------------------------
>.... Humpty Dumpty was pushed !
>
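
The split discussed in this message, as an added example that is not part of the original post or of Samba's code: it separates a textual SID into domain SID and RID and shows the packed binary form (1-byte revision, 1-byte sub-authority count, 6-byte big-endian identifier authority, then one 32-bit little-endian word per sub-authority). The function names are hypothetical, and the sub-authority limit is taken from the SID_MAX_SUB_AUTHORITIES constant in winnt.h rather than from the thread.

```python
import struct

SID_MAX_SUB_AUTHORITIES = 15  # value of the winnt.h constant (assumption: not from the thread)
EXAMPLE_SID = "S-1-5-21-871122656-1776954347-317593308-1004"  # SID quoted in the message

def parse_sid(text):
    """Parse 'S-R-I-S1-...-Sn' into (revision, identifier_authority, sub_authorities)."""
    parts = text.strip().split("-")
    if len(parts) < 4 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or not 0 <= authority < 1 << 48:
        raise ValueError("bad revision or identifier authority")
    if len(subs) > SID_MAX_SUB_AUTHORITIES or any(not 0 <= s < 1 << 32 for s in subs):
        raise ValueError("bad sub-authority list")
    return revision, authority, subs

def split_domain_rid(text):
    """Return (domain_sid, rid): the RID is the last 32-bit sub-authority."""
    revision, authority, subs = parse_sid(text)
    if len(subs) < 2:
        raise ValueError("SID has no domain part in front of the RID")
    domain = "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs[:-1]))
    return domain, subs[-1]

def sid_to_bytes(text):
    """Pack a textual SID into its binary form."""
    revision, authority, subs = parse_sid(text)
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)

def sid_from_bytes(raw):
    """Unpack a binary SID, rejecting buffers whose length disagrees with the count byte."""
    if len(raw) < 8 or raw[1] > SID_MAX_SUB_AUTHORITIES or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed binary SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "S-%d-%d" % (raw[0], authority) + "".join("-%d" % s for s in subs)

if __name__ == "__main__":
    print(split_domain_rid(EXAMPLE_SID))
    print(sid_to_bytes(EXAMPLE_SID).hex())
```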


