Security Identifier (SID) to User Identifier (uid) Resolution System

Jeremy Allison jeremy at valinux.com
Thu Dec 30 20:33:47 GMT 1999


"Leslie M. Barstow III" wrote:
> 
> Simple is not realistic in this case, though.
> The last couple of jobs I've worked at both used multiple
> domains - people using a server could be from any of them.

But that doesn't actually matter to the Samba server at all.
So long as it authenticates to the correct DC then the
user will be mapped into a user with the same name on the
UNIX box (ignoring name mapping for the present).

> > Consider a UNIX box running winbind to be *identical* to
> > an NT server in a domain.
> 
> It has to be.  That means it has to support the concept of
> multiple Domains.

Why? An NT member server doesn't.

> That means a simple RID<->uid/gid
> translation is just not possible - different NT domains
> will use the same RID for different purposes.  And that
> means Winbind needs a table, not just an algorithm - it
> needs a memory so it knows to renumber conflicting RIDs
> from different domains.

winbind only queries the DC for *one* domain, the domain
the UNIX box is in. It doesn't need to deal with other domain sids.

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
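
The two positions in this exchange, as an added Python illustration that is not part of the original message and is not Samba or winbind code: a RID-only mapping gives users from two domains the same uid, a mapping restricted to the machine's own domain rejects foreign SIDs instead, and a table keyed on domain and RID keeps both users apart. The SIDs, `UID_BASE` and every function and class name are constructed for the example.

```python
# Constructed illustration; not Samba or winbind code.
UID_BASE = 10000  # assumed offset for mapped accounts, not a Samba default

# Constructed SIDs: two different domains that both issued RID 1001.
SID_DOM_A = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SID_DOM_B = "S-1-5-21-4444444444-5555555555-6666666666-1001"


def split_sid(sid):
    """Split a SID string into (domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])


def algorithmic_uid(sid):
    """Stateless RID -> uid: the domain part is discarded entirely."""
    return UID_BASE + split_sid(sid)[1]


class SingleDomainMapper:
    """Algorithmic mapping that refuses SIDs outside the machine's own domain."""

    def __init__(self, own_domain_sid):
        self.own_domain_sid = own_domain_sid

    def uid(self, sid):
        domain, rid = split_sid(sid)
        if domain != self.own_domain_sid:
            raise LookupError(f"{sid} is not in domain {self.own_domain_sid}")
        return UID_BASE + rid


class TableMapper:
    """Stateful mapping keyed on (domain SID, RID), so equal RIDs never collide."""

    def __init__(self):
        self.table = {}

    def uid(self, sid):
        key = split_sid(sid)
        # First sighting allocates the next free uid; later lookups reuse it.
        return self.table.setdefault(key, UID_BASE + len(self.table))
```

With the RID-only function both accounts land on uid 11001, so file ownership and permission checks on the UNIX side can no longer tell them apart.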

