[Samba] Idmap: How to Map SID to existing UIDs?

Chun Kit Hui huichunkit.list at gmail.com
Sat Aug 12 09:26:23 GMT 2006

Dear all,

I've got a question concerning winbind and idmap. I've been googling for
days and read through the official HOWTO but yet cannot find the answer.

My situation is as follow:

I have a UNIX infrastructure (including NFS) with all user information
stored in LDAP for distributed passwd/group/shadow using nsswitch. I also
have Windows 2003 AD (MYREALM) set up. I want to setup a samba DMS under the
realm MYREALM. Everything works fine.
However, I also want to allow the windows users to manipulate the ACLs of
the files on the samba share. This creates a problem. If I don't use
winbind, the ACEs on the files cannot contains any SIDs from the AD domain
(MYREALM). If I use winbind with tdb or LDAP backend, winbind will map the
SID to a new UID different from the existing UIDs for the UNIX user

I want to ask how can I map SID to existing UIDs if the username is
identical between the Unix world and the AD world?

Any suggestions?? or Any pointers to documentation/HOWTO ?
Thanks x 100000


Jacky Hui

More information about the samba mailing list