Getting the SID of the user out of the PAC ...
smfrench at gmail.com
Fri Sep 27 12:37:32 UTC 2019
Then there is what Mac does ... If you know the sid of each user who has
authenticated on that client to that server we can estimate mode better
without upcall to winbind in many cases
On Thu, Sep 26, 2019, 23:58 Stefan Metzmacher <metze at samba.org> wrote:
> Am 27.09.19 um 08:50 schrieb Steve French:
> > On Fri, Sep 27, 2019 at 1:44 AM Stefan Metzmacher <metze at samba.org>
> >> Am 27.09.19 um 08:39 schrieb Steve French via samba-technical:
> >>> Is there a way to get the SID of the user out of the MS-PAC through
> >>> Samba utils (or winbind)?
> >>> This would help cifs if when we upcall as we do today to get the
> >>> kerberos ticket, we were also given the user's SID not just the ticket
> >>> to use to send to the server during session setup.
> >> Only if you get a service ticket for the joined client machine.
> >> But I don't understand what a possible use case would be.
> > When not mounting with "idsfromsid" this would allow us to use the
> > correct owner SID when creating ACLs (to include the owner and mode)
> > on mkdir and filecreate (the acl can be sent in the sd_context during
> > create)
> Maybe CREATOR_GROUP and CREATOR_OWNER are of some use for that...
More information about the samba-technical