Setting ACLs when creating files from Windows

Kai Blin kai at
Thu Aug 7 13:41:48 GMT 2008

On Thursday 07 August 2008 13:48:13 simo wrote:

> To be honest, windows machines can store in the file system just any SID
> handled to them, but they will never do any mapping server side.
> So if you take 2 windows client and try to set the SID of user Foo on
> client 1 on client 2, user Foo of client 2 will not actually be able to
> access the resource, as the SID will not match.

So basically this would work in Samba4? As far as I understand, the limitation 
is that S3 requires foreign SIDs to map to a user, and as the servers are 
running standalone, winbind is not used for uid<->sid mapping.
Samba4 currently maps whatever SID to a unix uid if it needs to pass it to 
something that only understands uids/gids, always making use of winbind for 
this mapping. This sounds like what Windows is doing, just that we need to do 
the sid<->uid step to keep POSIX filesystems happy.


Kai Blin
WorldForge developer
Wine developer
Samba team member
Will code for cotton.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url :

More information about the samba-technical mailing list