unpack_nt_owners fails with owner S-1-5-32-544

simo idra at samba.org
Thu Oct 26 12:21:25 GMT 2006

On Thu, 2006-10-26 at 16:06 +1000, tridge at samba.org wrote:
> Volker,
>  > BTW, nasty as it is, this _is_ relevant. I've come across
>  > this at quite a number of sites already.
> yes, I can see it matters. 
> What do you think of the strategy of mapping both the old SID of the
> user and the new SID of the user to the same unix uid? That's
> presuming of course that we can detect this (I can think of some ways
> we might tackle that aspect of it).
> The advantage of mapping both the old SID and the new SID to the same
> uid is that ACLs keep working really well, as does file ownership. The
> disadvantage would seem to be that we would break with the idea of
> a one-to-one mapping of uid to SID. I can't see why keeping it
> one-to-one is vital.

Not vital, but we will probably have to add the concept of secondary
SID, so that uid->SID always return the new one.

> As far as detecting it goes, what we'd really need to detect is the
> domain conversion itself. Then doing the actual mapping shouldn't be
> too hard, as it would be a pretty good bet that the usernames are kept
> the same (not guaranteed I know, but should be pretty good).

No, you can't count on this, the samba server can be installed years
after the original domain is shut down.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list