sid to uid/gid mapping, winbind

simo idra at
Fri Jan 8 18:18:01 MST 2010

On Fri, 2010-01-08 at 16:49 -0600, Shirish Pargaonkar wrote:
> Oh, basically, I can have a Windows server share mounted over using
> cifs client and I would like to see user names and group names for
> the files under that share and be able run commands like chown,
> the way we can do with files under shares mounted off of Samba shares
> with or without unix extensions enabled.
> So when I do NT Query Security Descriptor for a file, I get sid and
> then
> I want a corrosponding user name and use winbind to map that to
> a uid as per smb.conf and store that mapping in a backend.

Yes this can certainly be done, you don't need a name you can simply
pass Windbind a SID and it will do the whole job.

If the cifs share point to servers in unknown (to windbind) domains I
advice against trying to do name and uid mappings.
Almost certainly you would just end up opening nasty security issues.


Simo Sorce
Samba Team GPL Compliance Officer <simo at>
Principal Software Engineer at Red Hat, Inc. <simo at>

More information about the samba-technical mailing list