[Samba] SIDs and UIDs and RIDs - Oh My!

Moondance Foxmarnick calabash at earthlink.net
Sun Aug 14 00:57:32 GMT 2005


So you're saying that part of a SID is a RID and the RID is a fixed item deep
within the Windows code?

And when a Windows user logs on that is also part of the group "Domain
Users" the 513 RID gets appended to the 128 (-3) bit SID?

So if I have a *Nix user with the UID of 513, I'll cause a "NT doesn't like
that" message in my logs - but it will still resolve? Or will it not allow
the user to log on?

And finally - *Nix does not have RIDs - right?

I don't think I've used so many question marks in one post before!

All I need to know is that if I just don't use the UIDs of 500 - 553 I'll be
okay. But I really would like to understand it.

-Moondance


-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: Saturday, August 13, 2005 4:12 PM
To: Moondance Foxmarnick
Cc: SAMBA
Subject: Re: [Samba] SIDs and UIDs and RIDs - Oh My!

On Sat, Aug 13, 2005 at 05:00:16PM -0700, Moondance Foxmarnick wrote:
> 
> But what the @$@! is a Relative IDentifier (RID)?!?
> 
> On page 153 the command to map a windows group to a *nix group - no mention
> of RIDs.

A SID is a 128 bit identifier of a user/group/computer on a network
(a GUUID really). It consists of a 96-bit "domain" id, with a 32-bit
"relative id" (RID) suffix.

So for a given RID, you prepend the 96-bit domain id to get the full
SID.

SIDs are supposed to be "structured", but for real users/groups
and computers they are of the form described above.

Certain (less than 128 bit) SIDs are "well known" SIDs. Such as
the "Administrators" group.

Jeremy.
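
The domain-id-plus-RID structure described in the thread, as an added example that is not part of the original messages or Samba's own code. It goes slightly beyond the thread by also serialising a SID to the binary layout Windows uses; the sample SID is constructed and the RID table is a small subset of Microsoft's published well-known RIDs.

```python
import struct

# Subset of Microsoft's published well-known RIDs; 513 is the one asked about above.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 512: "Domain Admins",
                   513: "Domain Users", 514: "Domain Guests"}

# Constructed sample values, not taken from any real domain.
SAMPLE_SID = "S-1-5-21-1004336348-1177238915-682003330-513"
BUILTIN_ADMINISTRATORS = "S-1-5-32-544"   # well-known SID with only two sub-authorities


def parse_sid(text):
    """Parse 'S-1-<authority>-<sub>-...' into (revision, authority, sub-authorities)."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    if not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError("non-numeric SID component: %r" % text)
    revision, authority, *subs = (int(p) for p in parts[1:])
    if revision != 1 or authority >= 2**48:
        raise ValueError("unsupported revision or authority: %r" % text)
    if len(subs) > 15 or any(s >= 2**32 for s in subs):
        raise ValueError("sub-authority out of range: %r" % text)
    return revision, authority, subs


def split_domain_rid(text):
    """Split a domain account SID S-1-5-21-x-y-z-RID into (domain SID, RID)."""
    revision, authority, subs = parse_sid(text)
    if authority != 5 or len(subs) != 5 or subs[0] != 21:
        raise ValueError("not a domain account SID: %r" % text)
    # x-y-z (3 x 32 bits) is the 96-bit domain id; the last value is the RID.
    domain = "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs[:-1]))
    return domain, subs[-1]


def sid_to_bytes(text):
    """Serialise to the binary form: revision, count, 48-bit big-endian authority,
    then each sub-authority as a 32-bit little-endian integer."""
    revision, authority, subs = parse_sid(text)
    header = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)


if __name__ == "__main__":
    domain, rid = split_domain_rid(SAMPLE_SID)
    print(domain, rid, WELL_KNOWN_RIDS.get(rid, "not well-known"))
    print(sid_to_bytes(BUILTIN_ADMINISTRATORS).hex())
```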


