How samba 3.0 get the NT token for a domain user?
qzhou at isilon.com
Thu May 8 19:58:13 GMT 2003
>From what I read so far, samba does this by doing a LDAP query for a user's
"tokengroups", convert them to gids, then call create_nt_token.
create_nt_token convert this list of gids back to SIDs, and store in a NT
token structure. It seems like in a W2k environment, a domain user gets the
access token, which includes a list of groups, when the user logins in to the
domain, and then this access token should be transferred to a file server if
the user access it.
So if my understanding above is correct, it means that we can not decode the
access token yet? Or what else that we do not get the group list from the
access token? Or my understanding of the process is totally wrong?
More information about the samba-technical