sid to uid/gid mapping, winbind
simo
idra at samba.org
Fri Jan 8 18:18:01 MST 2010
On Fri, 2010-01-08 at 16:49 -0600, Shirish Pargaonkar wrote:
> Oh, basically, I can have a Windows server share mounted over using
> cifs client and I would like to see user names and group names for
> the files under that share and be able run commands like chown,
> the way we can do with files under shares mounted off of Samba shares
> with or without unix extensions enabled.
>
> So when I do NT Query Security Descriptor for a file, I get sid and
> then
> I want a corrosponding user name and use winbind to map that to
> a uid as per smb.conf and store that mapping in a backend.
Yes this can certainly be done, you don't need a name you can simply
pass Windbind a SID and it will do the whole job.
If the cifs share point to servers in unknown (to windbind) domains I
advice against trying to do name and uid mappings.
Almost certainly you would just end up opening nasty security issues.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list