[Samba] SID <-> UID mappings

Edvard Fagerholm efagerho at cc.hut.fi
Tue Jan 13 16:11:54 GMT 2004


I've been running a custom hacked samba 3.0rc1 to get winbindd to bind every SID
simply to what getpwent returns as the UID.

The newest versions of samba seem to support the possibility of having
winbindd use /etc/passwd and /etc/group as the storage backend.

So basically what I need is that each time samba wants to know the SID of the
username "joe" it would just query the SID of "DOMAIN\joe" from the AD server.
Similarly each time samba wants to know the UID for "DOMAIN\joe" it would
simply call getpwent for "joe" to get the UID. My patch does this, but I don't
have anything caching the results so samba does loads of queries to the AD

The thing is that I don't want winbindd to touch the local password database, I
just want it to search there. If it doesn't find a UID for a specific Windows
user, it should simply return an error, not add a new user. The thing is that
the user database isn't local, it uses an LDAP backend via nsswitch, so winbindd
would only cause lots of trouble if it tried to tamper with the local files.

Can samba do this now? What is interesting here is that this is logically much,
much simpler than having conversion algorithms and using tables and stuff
like that. The reason why everything works this way is that we have both Unix
and Windows servers and desktops and each share the same users. The users are
really stored on a Windows server, but we use nssldap and ad4unix to manually
give a UID to users that require Unix access.

The point is that I don't need winbindd to do anything, but it seems like I
have to run it to get AD to work.

Edvard Fagerholm
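
The read-only name-to-UID lookup described in the message above, as an added example that is not part of the original post and is not Samba or winbindd code. The names `unix_name`, `lookup_uid` and `CACHE_SLOTS` are hypothetical; the sketch resolves "DOMAIN\joe" through NSS (so an LDAP backend behind nsswitch is consulted), returns an error when no account exists, and caches answers so repeated lookups do not query the directory again.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <string.h>
#include <sys/types.h>

#define CACHE_SLOTS 64   /* constructed size, not a Samba setting */
struct entry { char name[64]; uid_t uid; int found, used; };
static struct entry cache[CACHE_SLOTS];
static unsigned long nss_queries;   /* real NSS round trips, for inspection */

/* Strip an optional "DOMAIN\" prefix: "DOMAIN\joe" -> "joe". */
const char *unix_name(const char *win_name)
{
    const char *sep = strrchr(win_name, '\\');
    return sep ? sep + 1 : win_name;
}

/* Returns 0 and sets *uid if the account exists, -1 otherwise. It only
 * reads through getpwnam_r(); nothing is ever added to the user database. */
int lookup_uid(const char *win_name, uid_t *uid)
{
    const char *name = unix_name(win_name);
    struct entry *slot = NULL;
    struct passwd pw, *res = NULL;
    char buf[4096];
    int i;
    if (*name == '\0' || strlen(name) >= sizeof cache[0].name)
        return -1;                          /* empty or oversized name */
    for (i = 0; i < CACHE_SLOTS; i++) {
        if (!cache[i].used) { if (!slot) slot = &cache[i]; continue; }
        if (strcmp(cache[i].name, name) != 0) continue;
        if (cache[i].found) *uid = cache[i].uid;
        return cache[i].found ? 0 : -1;     /* positive or negative hit */
    }
    nss_queries++;
    if (getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0)
        return -1;          /* lookup error: fail, but do not cache it */
    if (slot) {             /* cache full: answer without caching */
        strcpy(slot->name, name);
        slot->found = (res != NULL);
        slot->uid = res ? pw.pw_uid : 0;
        slot->used = 1;
    }
    if (res) *uid = pw.pw_uid;
    return res ? 0 : -1;
}

/* Stand-alone run: exit status 0 if "DOMAIN\root" maps to a UID. */
int main(void) { uid_t u; return lookup_uid("DOMAIN\\root", &u) == 0 ? 0 : 1; }
```

Cached entries never expire in this sketch; a long-running daemon would need a time limit on them so that UID changes and newly provisioned users are picked up.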
