Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Luke Kenneth Casson Leighton lkcl at
Wed Dec 29 18:37:14 GMT 1999

> And I think that Samba *is* the place to do it.  Not all systems support
> nsswitch, but Samba should be able to work without it.  Otherwise you get
> greatly reduced compatability in Samba, and wind up having to maintain the
> winbind code with Samba anyway... (And Samba doesn't need all of
> the functionality of winbind, only the UID/GID<->SID map - full names
> and shell aren't used, and an NT-shared home directory isn't something we
> want to re-share :-)

i like the idea of being able to use winbind to store a unix user's home
directory location :)  who needs a c:\ drive3, anyway? :-)

> Re: the sid2*() call:  I think the unified call proposed by Luke is more
> appropriate than Nico's - you really can't tell in an ACL if the SID
> refers to a group or to a user (or a machine).  Having to code two calls
> is more of a pain for developers in the long run.

ok, been thinking about this some more.

do we want this:

int sid2posix(SID sid, enum *gid_or_uid, uint32/64 posix_id);

or do we want this:

int sid2posix(SID sid, uint32/64 posix_id);

because if you do, then you need to do LsaLookupSids(SID, enum *sid_type,
char* name) and you will get a SID_NAME_USER or SID_NAME_GROUP or
SID_NAME_ALIAS back, and you have to determine that, ok, it's a
SID_NAME_USER therefore the posix_id can be typecast to a uid_t.

More information about the samba-technical mailing list