Security Identifier (SID) to User Identifier (uid) ResolutionSystem

[Luke Kenneth Casson Leighton]

> IMHO the correct way to approach this problem is to
> actually unify the account databases. If we do this

> Now imagine that we write the winbind daemon on
> UNIX systems with nsswitch. Quick update for people
> who haven't followed samba-technical for a bit - 
> winbind is a nsswitch module for UNIX systems entered
> into an NT Domain that allows *all* user/group lookups
> to be remoted to an NT-format PDC or BDC. ie. when 

> a UNIX uid and gid list for the user. Note that as a 
> UNIX machine can only be in one NT domain then we can

why is that?  GOT IT!  ok.  why do you think that a Unix
machine can only be in one NT domain?

ok.  so let me see if i have this straight,  this is what i think you
think.

samba cannot create remoet unix users because it is a posix system.

if we use winbind, we can create users in a SAM database, and because we
control that SAM, the users in that SAM, when mapped to unix, can be
considered to be your definition of "local" posix users, therefore because
they are local POSIX uids (whatt you call "real" unix users), this is
acceptable.

is this a reasonable approximation of your understanding of "real" unix
users, and how to create an NT world from a unix one?

i really need to know.

thx jeremy,

luke