[Samba] Samba4 gid-to-sid question

steve steve at steve-ss.com
Wed Feb 15 18:01:54 MST 2012


Hi.
We used info from a SID created using samba-tool group add to posix-ify 
it and then add a posix-ifed domain user to it. The AD doco defines two 
sorts of SID. Ones that change, and ones that don't.

Here is a search on our posix-ified group:
ldbsearch --url=/usr/local/samba/private/idmap.ldb 'xidnumber=3000012'
objectSid: S-1-5-21-980186919-4150830324-975011627-1121

We set the primaryGroupID of the user to 1121, his gidNumber to 3000012 
and his uidNumber from wbinfo. He becomes visible to Linux via 
nss-ldapd, whilst retaing his Domain User status on the windows side:-)

My question is, to which category of SID does 
S-1-5-21-980186919-4150830324-975011627-1121 belong? Can we assume that 
this is fixed for the life of the domain? Under what circustances could 
s4 change it, and if id did, would we be given warning?

Thanks,
Steve





More information about the samba mailing list