[Samba] importance of sid and rid?

Gerald Carter jerry at samba.org
Wed Aug 7 10:35:01 GMT 2002

On Wed, 7 Aug 2002, Hardi Gunawan wrote:

> Seems that I'm replying my own posting :)
> I've just downloaded Samba 2.2.5, and it seems that there's a new -S
> option in smbpasswd to enable the Samba machine to obtain the SID of the
> domain controller.  But how about the RID?  What's the effect on having
> a different RID for each users?
> Sorry, I'm quite a newbie in this RID and SID....

your fears are probably justified.  You cannot in Samba 2.2.x
manually set rids for user's and expect things to still work.
The lack of support for group mapping is the culprit.

This means that the ACLs will probably break.  What i don't
know is if scopy.exe (or newer versions of XCOPY) will lookup
the username to resolve a SID.  My guess is that they set the security
descriptor exactly to what it curently is which means that the
ACL will be messed up if user's are all given new RIDs.

This is a educated speculation. :-)  Use at your own risk :-)

cheers, jerry
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "Sam's Teach Yourself Samba in 24 Hours" 2ed.      ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

More information about the samba mailing list