Question on ntlm_auth tool

Andrew Bartlett abartlet at
Thu Sep 16 01:56:34 GMT 2004

On Thu, 2004-09-16 at 11:44, Yimin Chen wrote:
> Hi Andrew,
> Thanks for your clarifications! I think I now understand it much better.
> So if the ntlm_auth tool is enhanced to return the group information, would 
> it be just a list of SIDs or it could be the actual group names? If it will 
> be SIDs, do we need to query the domain controllers for the groupnames, or 
> Samba has other API we can use to do the conversion?

My suggestion is that we would return SIDs only, and that you would
convert the names that you store for ACLs into SIDs, for comparison.  
(The reason we would only return the SIDs is to avoid the extra network

Yet another mode to ntlm_auth could be added to support this name->sid
lookup, to avoid using wbinfo or needing to link against the socket

Andrew Bartlett
Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list