unpack_nt_owners fails with owner S-1-5-32-544
simo
idra at samba.org
Thu Oct 26 12:21:25 GMT 2006
On Thu, 2006-10-26 at 16:06 +1000, tridge at samba.org wrote:
> Volker,
>
> > BTW, nasty as it is, this _is_ relevant. I've come across
> > this at quite a number of sites already.
>
> yes, I can see it matters.
>
> What do you think of the strategy of mapping both the old SID of the
> user and the new SID of the user to the same unix uid? That's
> presuming of course that we can detect this (I can think of some ways
> we might tackle that aspect of it).
>
> The advantage of mapping both the old SID and the new SID to the same
> uid is that ACLs keep working really well, as does file ownership. The
> disadvantage would seem to be that we would break with the idea of
> a one-to-one mapping of uid to SID. I can't see why keeping it
> one-to-one is vital.

Not vital, but we will probably have to add the concept of secondary
SID, so that uid->SID always returns the new one.

> As far as detecting it goes, what we'd really need to detect is the
> domain conversion itself. Then doing the actual mapping shouldn't be
> too hard, as it would be a pretty good bet that the usernames are kept
> the same (not guaranteed I know, but should be pretty good).

No, you can't count on this, the Samba server can be installed years
after the original domain is shut down.

Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
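
The mapping discussed in this message, sketched as an added example that is not part of the original thread and is not Samba code: several SIDs resolve to one uid, while uid->SID returns only the primary (new) SID. The class, its method names, the uids and the SIDs are hypothetical, and the old-to-new SID pair is assumed to be supplied explicitly rather than matched by username.

```python
class SidUidMap:
    """Many-to-one SID -> uid table with one primary SID per uid (hypothetical)."""

    def __init__(self):
        self._sid_to_uid = {}  # every known SID, primary or secondary -> uid
        self._primary = {}     # uid -> the SID returned by uid->SID lookups

    def _claim(self, sid, uid):
        owner = self._sid_to_uid.setdefault(sid, uid)
        if owner != uid:
            # Re-pointing a SID would merge two accounts' file ownership.
            raise ValueError(f"{sid} already maps to uid {owner}")

    def add(self, sid, uid):
        """Register a SID for a uid; the first one becomes its primary."""
        self._claim(sid, uid)
        self._primary.setdefault(uid, sid)

    def migrate(self, old_sid, new_sid):
        """Make new_sid the primary for old_sid's uid; old_sid stays secondary."""
        uid = self._sid_to_uid[old_sid]  # KeyError if the old SID is unknown
        self._claim(new_sid, uid)
        self._primary[uid] = new_sid
        return uid

    def sid_to_uid(self, sid):
        return self._sid_to_uid[sid]

    def uid_to_sid(self, uid):
        return self._primary[uid]

    def secondary_sids(self, uid):
        return sorted(s for s, u in self._sid_to_uid.items()
                      if u == uid and s != self._primary[uid])


# Constructed sample values, not taken from the thread.
OLD_SID = "S-1-5-21-1111-2222-3333-1001"
NEW_SID = "S-1-5-21-4444-5555-6666-2001"

def demo():
    m = SidUidMap()
    m.add(OLD_SID, 5001)
    m.migrate(OLD_SID, NEW_SID)
    return m

if __name__ == "__main__":
    m = demo()
    print(m.sid_to_uid(OLD_SID), m.sid_to_uid(NEW_SID), m.uid_to_sid(5001))
```
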