New Unix user and group domain

Stefan (metze) Metzmacher metze at samba.org
Mon Feb 27 09:29:41 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker Lendecke schrieb:
> On Sat, Feb 25, 2006 at 11:49:49AM -0600, Gerald (Jerry) Carter wrote:
>> The scenario I was thinking of was a Samba member server
>> in a Samba domain sharing a uid/gid name (no \unixinfo
> 
> This is the 'trusted domains only = yes'?
> 
>> pipe yet).  When we create the token for the user from
>> the NET_USER_INFO_3.  Don't we need those SIDs ?
> 
> Right, here we probably need those. We used to have the
> algorithmic fallback ones in place here. As the S-1-22 SIDs
> are completely new, adding them as auxiliary groups in the
> INFO3 does not hurt anybody out there.

I think we should handle the S-1-22-* (or is it S-1-5-22-*) SID's as
windows handles the S-1-5-32-*.

as both have a different meaning on a member server!

metze
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEAsaFm70gjA5TCD8RAp98AKC7ckmxEukxoPmsE8NBvKQmtJKtXgCgrJaW
ASnVH6RX252ogjcz16xc2bU=
=ZlBd
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list