Security Identifier (SID) to User Identifier (uid) Resolution System

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Dec 30 05:52:23 GMT 1999


On Wed, 29 Dec 1999, Jeremy Allison wrote:

> Luke Kenneth Casson Leighton wrote:
> 
> > ok, been thinking about this some more.
> > 
> > do we want this:
> > 
> > int sid2posix(SID sid, enum *gid_or_uid, uint32/64 posix_id);
> > 
> > or do we want this:
> > 
> > int sid2posix(SID sid, uint32/64 posix_id);
> > 
> > because if you do, then you need to do LsaLookupSids(SID, enum *sid_type,
> > char* name) and you will get a SID_NAME_USER or SID_NAME_GROUP or
> > SID_NAME_ALIAS back, and you have to determine that, ok, it's a
> > SID_NAME_USER therefore the posix_id can be typecast to a uid_t.
> 
> I don't think we want either. POSIX doesn't deal with SIDs,
> and neither should Samba (other than in the ACL code).
> 
> winbind should be the one thing on a UNIX box that must
> deal with SIDs. No other program on the system is set up
> to cope with SIDs.

read the abstract of draft-lkcl-sidtouidmap-00.txt, carefully:

This document proposes a convention to allow Windows NT users to be
represented on POSIX-based systems and Unix users to be represented on
NT-based and compatible systems, such as Windows NT 3.5, 4.0, 5.0, and
Samba.  The convention has relevance to POSIX-based Windows NT compatible
systems such as Samba, in order to allow such systems to interoperate
in a diverse Windows NT Domain environment, even though POSIX systems
currently have neither native support for the Windows NT Security model
nor support for the concept of remote POSIX users.


why do you imagine that i am proposing a "convention", and its
implementation in SURS tables, rather than winbind, to resolve SIDs to
uids?
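The first prototype quoted above, sketched as an added example that is not part of the original message or of Samba's code: returning the SID type with the id lets the caller refuse to treat a group's id as a uid. The SID layout, the table rows, the enum values, the pointer out-parameters and the `sid2uid` helper are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Names as used in the thread; numeric values are constructed for this example. */
enum sid_name_use { SID_NAME_USER = 1, SID_NAME_GROUP, SID_NAME_ALIAS };

/* Hypothetical SID layout for the example: domain part as text plus a RID. */
typedef struct { const char *domain; uint32_t rid; } SID;

/* One row of a constructed mapping table (a stand-in for a SURS table). */
struct map_row { SID sid; enum sid_name_use type; uint32_t posix_id; };

static const struct map_row table[] = {
    { { "S-1-5-21-1-2-3", 1000 }, SID_NAME_USER,  500 }, /* uid 500 */
    { { "S-1-5-21-1-2-3", 1001 }, SID_NAME_GROUP, 500 }, /* gid 500: same number, other namespace */
    { { "S-1-5-32",        544 }, SID_NAME_ALIAS, 600 },
};

/* First prototype from the thread: the type comes back alongside the id.
 * Returns 0 on success, -1 if the SID has no mapping. */
int sid2posix(SID sid, enum sid_name_use *type, uint32_t *posix_id)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (table[i].sid.rid == sid.rid &&
            strcmp(table[i].sid.domain, sid.domain) == 0) {
            *type = table[i].type;
            *posix_id = table[i].posix_id;
            return 0;
        }
    }
    return -1;
}

/* Hypothetical caller: accept the id as a uid only when the SID names a user.
 * With the second prototype this check would need a separate type lookup. */
int sid2uid(SID sid, uint32_t *uid)
{
    enum sid_name_use type;
    uint32_t id;

    if (sid2posix(sid, &type, &id) != 0 || type != SID_NAME_USER)
        return -1;
    *uid = id;
    return 0;
}
```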




