Need to map SIDs for unknown users
Andrew Bartlett
abartlet at samba.org
Sat Jul 12 15:29:09 GMT 2003
Just a quick note about out current SID->UID scheme since this week's
changes:
As I read it, we will only allocate a SID for a user that exists in
winbind - ie, a user in a trusted domian, with a currectly active DC.
This presents a major issue for NAS devices, which often have to deal
with down DCs, but also with 'foreign sids' - sids from a user's
workstation and the like, that we can never see via winbind.
The previous 3.0 code allowed this to work, usually guessing that a gid
was most appropriate. While not the best solution, as long as we never
actually see that user at login, it's fine.
Fixing this should just be a matter of fixing the code in smbd/uid.c, rather
than a major redesign.
Andrew Bartlett
More information about the samba-technical
mailing list