Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Luke Kenneth Casson Leighton lkcl at
Wed Dec 29 18:07:49 GMT 1999

> IMHO the correct way to approach this problem is to
> actually unify the account databases. If we do this

> Now imagine that we write the winbind daemon on
> UNIX systems with nsswitch. Quick update for people
> who haven't followed samba-technical for a bit - 
> winbind is a nsswitch module for UNIX systems entered
> into an NT Domain that allows *all* user/group lookups
> to be remoted to an NT-format PDC or BDC. ie. when 

> a UNIX uid and gid list for the user. Note that as a 
> UNIX machine can only be in one NT domain then we can

why is that?  GOT IT!  ok.  why do you think that a Unix
machine can only be in one NT domain?

ok.  so let me see if i have this straight,  this is what i think you

samba cannot create remoet unix users because it is a posix system.

if we use winbind, we can create users in a SAM database, and because we
control that SAM, the users in that SAM, when mapped to unix, can be
considered to be your definition of "local" posix users, therefore because
they are local POSIX uids (whatt you call "real" unix users), this is

is this a reasonable approximation of your understanding of "real" unix
users, and how to create an NT world from a unix one?

i really need to know.

thx jeremy,


More information about the samba-technical mailing list