[Samba] Concern about 3.0.22->3.0.23b upgrade (algorithmic SIDs
issue)
Gerald (Jerry) Carter
jerry at samba.org
Sat Aug 26 16:45:22 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Michael Deutschmann wrote:
> On Fri, 25 Aug 2006, you wrote:
>> If you are running a member server and using winbindd,
>> the SID allocation for domain users and groups does not
>> change.
>
> I'm running as a lone Samba PDC, and -not-
> using winbindd.
The RID algorithm in 3.0.23c will potentially impact you.
Have I already suggested testing the 3.02.3c-gwc patch
at http://www.samba.org/~jerryy/patches/ ? You might
want to get the patch and read over the release notes
at least.
>> You can use "net groupmap" to set up SIDs for groups
>> and 'pdbedit -a' to add users to the passdb (which
>> will give them an explicit SID in the machine's domain).
>
> The relevant users are already in smbpasswd (how
> else would they log in?).
If you have a user not in smbpasswd that owns a file,
and that file is copied to a client's NTFS partition,
the user SID will be S-1-22-1-${uid}. Whether this
is an issue for your environment or not is up to
you to decide. I'm just pointing it out.
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE8HqiIR7qMdg1EfYRAv7IAKDRCrlz8LUFv/IZfXTpyphIBqhzXQCgrxzd
ZyN6XYUACeH7vjI2iBo6ujI=
=uWLd
-----END PGP SIGNATURE-----
More information about the samba
mailing list