sid to uid/gid mapping, winbind

Shirish Pargaonkar shirishpargaonkar at
Fri Jan 8 15:49:29 MST 2010

Oh, basically, I can have a Windows server share mounted over using
cifs client and I would like to see user names and group names for
the files under that share and be able run commands like chown,
the way we can do with files under shares mounted off of Samba shares
with or without unix extensions enabled.

So when I do NT Query Security Descriptor for a file, I get sid and then
I want a corrosponding user name and use winbind to map that to
a uid as per smb.conf and store that mapping in a backend.

On Fri, Jan 8, 2010 at 4:07 PM, simo <idra at> wrote:
> On Fri, 2010-01-08 at 15:47 -0600, Shirish Pargaonkar wrote:
>> I am interested in finding out user name / group name for a given SID.
>> Can winbind provide that information assuming the cifs server which exports
>> a share is either not in the same doamin as specified in the smb.conf on the
>> linux SMB/CIFS client machine or is a stand alone machine, if presented with
>> an SID and tcp host?
> Not sure I get the scenario, can you rephrase in a shorter, clearer
> sentence ?
>> Once a user name or group name for an SID is obtained, I would like
>> winbind to map it to a  uid or gid respectively as per smb.conf and store the
>> mapping in the backend specified in smb.conf.
> Why do you care for the user/group name to do a sid -> [u/g]id mapping ?
>> Can the host be any kind of CIFS/SMB server (Samba, Windows etc.)?
> Which host ?
>> Otherwise, I may have to do DCERPC calls over named pipes like lsa and samr
>> to resolve sids to user/group names.
> You should probably give a bit more details about what and why needs to
> do this.
> Simo.
> --
> Simo Sorce
> Samba Team GPL Compliance Officer <simo at>
> Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list