Question on ntlm_auth tool

Andrew Bartlett abartlet at samba.org
Thu Sep 16 01:56:34 GMT 2004


On Thu, 2004-09-16 at 11:44, Yimin Chen wrote:
> Hi Andrew,
> 
> Thanks for your clarifications! I think I now understand it much better.
> 
> So if the ntlm_auth tool is enhanced to return the group information, would 
> it be just a list of SIDs or it could be the actual group names? If it will 
> be SIDs, do we need to query the domain controllers for the groupnames, or 
> Samba has other API we can use to do the conversion?

My suggestion is that we would return SIDs only, and that you would
convert the names that you store for ACLs into SIDs, for comparison.  
(The reason we would only return the SIDs is to avoid the extra network
cost.)

Yet another mode to ntlm_auth could be added to support this name->sid
lookup, to avoid using wbinfo or needing to link against the socket
libs.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040916/78caa270/attachment.bin


More information about the samba-technical mailing list