Security Identifier (SID) to User Identifier (uid) Resolution System

Leslie M. Barstow III phoenix at faerealm.com
Thu Dec 30 07:12:55 GMT 1999


On Thu, 30 Dec 1999, Jeremy Allison wrote:
> Luke Kenneth Casson Leighton wrote:

> > why is that?  GOT IT!  ok.  why do you think that a Unix
> > machine can only be in one NT domain?

> Because it makes mapping the Domain SID database to a POSIX
> uid/gid database much easier. To put a UNIX box in more than
> one domain complicates that mapping immensely.

> Simple is good.

Simple is not realistic in this case, though.
The last couple of jobs I've worked at both used multiple
domains - people using a server could be from any of them.

> Consider a UNIX box running winbind to be *identical* to
> an NT server in a domain.

It has to be.  That means it has to support the concept of
multiple Domains.  That means a simple RID<->uid/gid
translation is just not possible - different NT domains
will use the same RID for different purposes.  And that
means Winbind needs a table, not just an algorithm - it
needs a memory so it knows to renumber conflicting RIDs
from different domains.

BTW - here's a dumb question (kind of related via winbind)
      is there an 8-character limitation to the getpwnam()
      implementation?  IIRC, at least the passwd file has
      this limit (in Linux).

--
Leslie M. Barstow III  | http://www.faerealm.com/phoenix
phoenix at faerealm.com   |    Linux and Apple][GS links:    computers/
PGP key at www.pgp.com |    Fight junk e-mail abuse!:     computers/spam/
Wow!  It all fits.     |
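The point made above, that a RID-only algorithm cannot work across domains because two domains reuse the same RIDs and winbind therefore needs a stateful table keyed on the full SID, is illustrated by the following added example. It is not code from the post, from winbind, or from the Samba project; the SID format, the uid range and the sample SIDs are constructed for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Textual SID: S-1-<identifier authority>-<sub-authority>...-<RID>
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")


def parse_sid(sid: str) -> Tuple[str, int]:
    """Split a textual SID into (domain SID, RID).

    The RID is the last sub-authority; everything before it identifies the
    issuing domain (for example S-1-5-21-A-B-C). A SID with only one
    sub-authority has no domain part and is rejected.
    """
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(x) for x in m.group(2).lstrip("-").split("-")]
    if len(subs) < 2:
        raise ValueError(f"SID has no domain component: {sid!r}")
    domain = "S-1-" + m.group(1) + "".join(f"-{s}" for s in subs[:-1])
    return domain, subs[-1]


def naive_rid_uid(sid: str, base: int = 10000) -> int:
    """The 'algorithm only' mapping: uid = base + RID.

    This ignores the domain part, so the same RID issued by two different
    domains collides on one uid. Shown here only to make the defect visible.
    """
    _, rid = parse_sid(sid)
    return base + rid


@dataclass
class IdMap:
    """Table mapping full SIDs to uids allocated from a fixed range.

    This is the 'memory' the post describes: each new (domain, RID) pair
    gets the next free uid, and the mapping is remembered in both directions
    so lookups are stable for the life of the table.
    """
    low: int
    high: int
    sid_to_uid: Dict[str, int] = field(default_factory=dict)
    uid_to_sid: Dict[int, str] = field(default_factory=dict)
    next_uid: int = field(init=False)

    def __post_init__(self) -> None:
        self.next_uid = self.low

    def uid_for(self, sid: str) -> int:
        domain, rid = parse_sid(sid)      # validates and normalises the key
        key = f"{domain}-{rid}"
        if key in self.sid_to_uid:
            return self.sid_to_uid[key]
        if self.next_uid > self.high:
            raise RuntimeError("idmap range exhausted")
        uid = self.next_uid
        self.next_uid += 1
        self.sid_to_uid[key] = uid
        self.uid_to_sid[uid] = key
        return uid

    def sid_for(self, uid: int) -> Optional[str]:
        """Reverse lookup; None if the uid was never allocated by this table."""
        return self.uid_to_sid.get(uid)


if __name__ == "__main__":
    # Constructed sample: two domains that both issued RID 1001.
    dom_a = "S-1-5-21-100-200-300-1001"
    dom_b = "S-1-5-21-400-500-600-1001"
    print("naive:", naive_rid_uid(dom_a), naive_rid_uid(dom_b))   # collide
    table = IdMap(10000, 19999)
    print("table:", table.uid_for(dom_a), table.uid_for(dom_b))   # distinct
```

The table must be persisted across restarts (winbind keeps its own database for this); if it were lost, re-allocation could hand a uid that already owns files to a different SID, which is the same integrity problem the RID collision causes, just deferred.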
