Security Identifier (SID) to User Identifier (uid) ResolutionSystem

Leslie M. Barstow III phoenix at
Thu Dec 30 02:18:09 GMT 1999

On Thu, 30 Dec 1999, Luke Kenneth Casson Leighton wrote:

> i like the idea of being able to use winbind to store a unix user's home
> directory location :)  who needs a c:\ drive3, anyway? :-)

Winbind will *have* to do this unless we don't want user home directories.

However, getting returned a password entry like:


would probably be less than useful :-).

Winbind would have to be responsible for returning a reasonable shell and
home directory (it could go so far as to automount the listed directory).

> > Re: the sid2*() call:  I think the unified call proposed by Luke is more
> > appropriate than Nico's - you really can't tell in an ACL if the SID
> > refers to a group or to a user (or a machine).  Having to code two calls
> > is more of a pain for developers in the long run.
> ok, been thinking about this some more.
> do we want this:
> int sid2posix(SID sid, enum *gid_or_uid, uint32/64 posix_id);
> or do we want this:
> int sid2posix(SID sid, uint32/64 posix_id);
> because if you do, then you need to do LsaLookupSids(SID, enum *sid_type,
> char* name) and you will get a SID_NAME_USER or SID_NAME_GROUP or
> SID_NAME_ALIAS back, and you have to determine that, ok, it's a
> SID_NAME_USER therefore the posix_id can be typecast to a uid_t.

Actually, I think I like Nico's latest approach:

int sid2posix(SID sid, SIDtype_t type, posix_id_t posix_id);

enum the valid SID types, and you have a call that both identifies the
type of SID and does the translation...

Leslie M. Barstow III  |
phoenix at   |    Linux and Apple][GS links:    computers/
PGP key at |    Fight junk e-mail abuse!:     computers/spam/
Wow!  It all fits.     |

More information about the samba-technical mailing list