[Samba] SIDs and UIDs and RIDs - Oh My!

John H Terpstra jht at Samba.Org
Mon Aug 15 17:42:20 GMT 2005


On Sunday 14 August 2005 18:40, Moondance Foxmarnick wrote:
> When you say: " Every instance in SMB world has to have its own SID "
> Does that mean that on top of every logon, say- for each folder connection,
> a SID is generated?

No. A SID represents a security context. For example, every Windows machine 
has local accounts within the security context of the local machine which has 
a unique SID. Every domain (NT4, ADS, Samba) contains accounts that exist 
within the domain security context which is defined by the domain SID.

A domain member server will have a SID that differs from the domain SID.
The domain member server can be configured to regard all domain users as local 
users. It can also be configured to recognize domain users and groups as 
non-local.

SIDs are persistent.

> And if so, is this a temporary SID like a token for the session, or is it
> stored internally to SAMBA?

The Samba domain and machine SIDs are stored in /etc/samba/secrets.tdb. You 
can view the contents of this file using tdbdump.

PS: I have updated the PDC Chapter to provide a more detailed explanation of 
the relationship between the RID and the SID. The on-line version of the 
HOWTO should reflect this change within 48 hours.

- John T.
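
The SID/RID relationship described in the message above, as an added example that is not part of the original post or of Samba's code: it decodes a binary SID into its string form and then checks which security context (domain or local machine) an account SID belongs to by splitting off the trailing RID. All SID values are constructed samples, and the zero padding after the encoded SID is an assumption about how a stored record might look.

```python
import struct

# Constructed sample SIDs (not real values): one domain context, one machine context.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
MACHINE_SID = "S-1-5-21-1000000001-1000000002-1000000003"

# Constructed binary form of DOMAIN_SID: revision, sub-authority count, 48-bit
# authority (big-endian), 32-bit sub-authorities (little-endian), then padding.
DOMAIN_BLOB = (bytes([1, 4]) + (5).to_bytes(6, "big")
               + struct.pack("<4I", 21, 1111111111, 2222222222, 3333333333)
               + b"\x00" * 44)  # assumption: record is padded past the used fields

def parse_sid(blob: bytes) -> str:
    """Decode a binary SID into S-R-A-S1-S2-... form, ignoring trailing padding."""
    if len(blob) < 8:
        raise ValueError("SID blob too short for a header")
    revision, count = blob[0], blob[1]
    if revision != 1 or count > 15:
        raise ValueError("not a valid SID header")
    if len(blob) < 8 + 4 * count:
        raise ValueError("SID blob truncated before last sub-authority")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, blob, 8)
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def classify(account_sid: str, domain_sid: str, machine_sid: str):
    """Return (context, RID): the account SID is the context SID plus one RID."""
    context, _, rid_text = account_sid.rpartition("-")
    rid = int(rid_text)
    if context == domain_sid:
        return ("domain", rid)
    if context == machine_sid:
        return ("local", rid)
    return ("foreign", rid)

if __name__ == "__main__":
    domain = parse_sid(DOMAIN_BLOB)
    print("domain SID:", domain)
    for sid in (domain + "-1001", MACHINE_SID + "-1001"):
        print(sid, "->", classify(sid, domain, MACHINE_SID))
```

The same RID under two different context SIDs names two unrelated accounts, which is why the context comparison is done on the full prefix and not on the RID.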

