unpack_nt_owners fails with owner S-1-5-32-544
idra at samba.org
Wed Oct 25 19:39:42 GMT 2006
On Wed, 2006-10-25 at 18:13 +0200, Volker Lendecke wrote:
> On Wed, Oct 25, 2006 at 07:21:05AM +1000, tridge at samba.org wrote:
> > - once we know which type the SID is, update the sidmap database to
> > flag which type it is, but also keep in the database the 'wrong'
> > mapping, keeping the incorrect gid or uid reserved.
> One problem here: The role as perceived by Samba can change.
> A user SID that we get as such in the token can show up in
> the groups list via the sidHistory feature later on. This is
> a different problem, but I just wanted to note that "once we
> know which type the SID is" is not as fixed as you might
Yeah, the only solution to be able to access files is that you map that
SID to a group and store an ACE for that group, this is one of the
reasons I crazily talk of unifying the UID and GID spaces into the GID
At least for this kind of SIDs it seem there is no other way, and if we
think that any SID can become a sidHistory in time (as a previous normal
domain can be migrated to a new domain) then we are really back to
consider always adding a "user-group" ACE anyway.
Samba Team GPL Compliance Officer
email: idra at samba.org
More information about the samba-technical