Security Identifier (SID) to User Identifier (uid) ResolutionSystem
Luke Kenneth Casson Leighton
lkcl at samba.org
Thu Dec 30 07:28:45 GMT 1999
> > Ok, so the current algorythmic mapping will now definitely not satisfy
> > the needs of the environment where I work.
> I don't see why not. Whenever these users access files on
> a Samba server they're doing it as a uid the Samba server
> knows about, so what is the problem ? Yes if they look at
> the ACLs on a file they will see users local to the Samba
> server as entries, but that's exactly what the ACLs on the
> Samba server represent.
and what happens when you select a samba server in show-users from an NT
yes, this is possible.
select a local file on an NT wksta. selcet sile security tab. go to show
users. selct a remote samba server. try granting a remote samba server's
users permissions to access a file on the local NT wksta.
or better, make that a group.
then, selcet _aohter_ remote samba server, and do the same thing.
even better, do this for two remote samba servers that are in the same NT
domain, both of which are configured with "security = domain" and
"password server = some_third_party_ntpdc".
this results in such a messed up usage of stupidly created SIDs that i
don't want to think or talk about it. it's so stupid i can't believe you
are still justifying restricting individual unix servers to one nt domain.
More information about the samba-technical