[PATCH] Allow duplicate non local objectSIDs

Stefan Metzmacher metze at samba.org
Thu Nov 30 08:03:36 UTC 2017

Hi Gary,

are we sure we only have to care about the local domain sid?

At least I read somewhere that the automatic creation of
foreignSecurityPrincipal objects (which we don't support yet)
is only done if the domain sid is not known anywhere in the forest.

Can you please check in a windows forest if it's possible to
create a foreignSecurityPrincipal with an already existing sid
from a different domain in the forest, as well as
a non-existing sid, with a known domain sid part but a not yet used rid.

The same test should be done with the local domain sid.


Am 30.11.2017 um 02:37 schrieb Gary Lockyer via samba-technical:
> Patch to allow duplicate objectSIDs for foreign security principals,
> while requiring unique objectsSIDs for the primary domain.
> Fixes BUG: https://bugzilla.samba.org/show_bug.cgi?id=13004
> Review and push appreciated
> Thanks Gary

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20171130/7e3d3a95/signature.sig>

More information about the samba-technical mailing list