Security Identifier (SID) to User Identifier (uid) Resolution System

Cole, Timothy D. timothy_d_cole at md.northgrum.com
Tue Jan 4 18:04:49 GMT 2000


> -----Original Message-----
> From:	Jeremy Allison [SMTP:jeremy at valinux.com]
> Sent:	Thursday, December 30, 1999 13:36
> To:	Multiple recipients of list SAMBA-TECHNICAL
> Subject:	Re: Security Identifier (SID) to User Identifier (uid) Resolution System
> 
> Luke Kenneth Casson Leighton wrote:
> > 
> > On Thu, 30 Dec 1999, Jeremy Allison wrote:
> > 
> > > Michael Stockman wrote:
> > > >
> > > > As far as I can see the algorithmic solution is good for all users
> > > > samba accepts that belong to samba's SAM (implemented in smbpasswd,
> > > > LDAP, NIS or whatever). However it seems to me that this is not the
> > > > case when samba is supposed to accept users belonging to a remote
> > > > SAM.
> > >
> > > What *exactly* do you mean by "accept". This is the crux of the
> > > discussion. Currently Samba "accepts" logons by name. Samba only
> > > accepts SIDs in ACL set requests. It currently doesn't accept a
> > > non-local SID in an ACL set request, and I don't think it should.
> > 
> > i know you don't.  means samba will never be fully nt-domain
> > interoperable.
> 
> Well, in order for Samba to store a non-local SID in an
> ACL set it must have some way to store it in the filesystem.
> 
> POSIX doesn't allow this.
> 
	You find or allocate a local "POSIX identity" to use in the ACL, and
note (somewhere) its equivalent SID.  Granted, that doesn't help you much if
you're pulling disks and sticking them in machines with different account
databases, but that's a problem under POSIX anyway.
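
The find-or-allocate scheme described in the reply above, as an added example that is not part of the original message and is not Samba code. The class name `SidMap`, the uid range and the SQLite table are hypothetical choices made for illustration, and the SIDs are constructed sample values.

```python
import re
import sqlite3

# Assumed range reserved for SIDs that have no local account (hypothetical values).
UID_MIN, UID_MAX = 100000, 100002

# S-1-<authority> followed by 1 to 15 sub-authorities.
SID_RE = re.compile(r"^S-1-\d+(-\d+){1,15}$")

# Constructed sample SIDs from a made-up remote domain.
SID_A = "S-1-5-21-1111-2222-3333-1001"
SID_B = "S-1-5-21-1111-2222-3333-1002"


class SidMap:
    """Two-way table between non-local SIDs and locally allocated uids.

    The table is the "somewhere" the equivalent SID is noted. It belongs to
    one machine's account database, so it has to travel with the disks.
    """

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS idmap ("
            "sid TEXT PRIMARY KEY, uid INTEGER UNIQUE NOT NULL)")

    def uid_for_sid(self, sid):
        """Find the uid recorded for sid, or allocate the next free one."""
        if not SID_RE.match(sid):
            raise ValueError("malformed SID: %r" % (sid,))
        row = self.db.execute(
            "SELECT uid FROM idmap WHERE sid = ?", (sid,)).fetchone()
        if row:
            return row[0]
        (top,) = self.db.execute("SELECT MAX(uid) FROM idmap").fetchone()
        uid = UID_MIN if top is None else top + 1
        if uid > UID_MAX:
            # Fail closed: wrapping or reusing a uid would hand one
            # principal's ACL entries to another.
            raise RuntimeError("uid allocation range exhausted")
        with self.db:  # commit the new pair before the uid is used in an ACL
            self.db.execute("INSERT INTO idmap VALUES (?, ?)", (sid, uid))
        return uid

    def sid_for_uid(self, uid):
        """Reverse lookup, used when an ACL is reported back to a client."""
        row = self.db.execute(
            "SELECT sid FROM idmap WHERE uid = ?", (uid,)).fetchone()
        return row[0] if row else None
```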

