Getting the SID of the user out of the PAC ...

Stefan Metzmacher metze at
Fri Sep 27 06:58:43 UTC 2019

Am 27.09.19 um 08:50 schrieb Steve French:
> On Fri, Sep 27, 2019 at 1:44 AM Stefan Metzmacher <metze at> wrote:
>> Am 27.09.19 um 08:39 schrieb Steve French via samba-technical:
>>> Is there a way to get the SID of the user out of the MS-PAC through
>>> Samba utils (or winbind)?
>>> This would help cifs if when we upcall as we do today to get the
>>> kerberos ticket, we were also given the user's SID not just the ticket
>>> to use to send to the server during session setup.
>> Only if you get a service ticket for the joined client machine.
>> But I don't understand what a possible use case would be.
> When not mounting with "idsfromsid" this would allow us to use the
> correct owner SID when creating ACLs (to include the owner and mode)
> on mkdir and filecreate (the acl can be sent in the sd_context during
> create)

Maybe CREATOR_GROUP and CREATOR_OWNER are of some use for that...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list