[Samba] Question about AD user/ACL mapping

[Jeremy Allison]

On Thu, Mar 15, 2007 at 12:02:03AM -0400, Knox, Bill wrote:
> We have updated our long-standing Samba install on a Solaris 8 box to
> 3.0.24 and are interested in making use of the Windows ACL mapping
> capabilities to help take over a Windows share. However, there is a
> snag - the pre-existing box has usernames that differ from people's
> Windows logins, i.e. their Unix login is freddy, and their Windows
> login is fred_smith.
> 
> I have our AD domain membership working on the box and can see the ACLs
> work with a dummy account set up to match someone's Windows login (i.e.
> if in the above example, I set up a fred_smith account on the Unix
> box), but could find no way in the documentation to do a username
> mapping (equivalent to what is being done for logins) for the ACLs. Is
> it there and I just didn't see it, or does it not exist?

So this is when you're doing a right-click, security-tab,
show ACLs on the Windows client ?

I think we currently just display the usernames we get
from the SID mapping subsystem when the client does the SID -> name
lookup to display these. I need to look at the code to see 
how easy it would be to do a reverse username map lookup
for this - although it would be lossy as username map allows
multiple Windows names to map onto one UNIX one.

Jeremy.