[Samba] Mapping SID>UID (and reverse)

jrmailgate-samba at yahoo.co.uk
Wed Jan 16 05:39:25 MST 2013


Hi

I have a new Samba 3.6.10 server running on Solaris 10.

The server is a member of the local Active Directory (which I'll call "DOMAIN" in this email). Unix username resolution is via NIS. All domain users have NIS usernames as well. Winbind is running to allow SMBD to perform sid>uid mapping and I have set up idmap_nss. I am not using winbind in /etc/nsswitch.conf as NIS performs that function already.

The "issue":


If I create a file or ACL through Windows for user "jack", the security tab ACL appears as "DOMAIN\jack".

If I add a file or filesystem ACL through Unix for user "jill", the Windows security tab shows the ACL as "Unix User\jill".

However, if I later add a file, or ACL to a file, through Windows for user "jill", the Windows security tab now reports the ACL as "DOMAIN\jill". Files that previously reported "Unix User\jill" now correctly report "DOMAIN\jill".


So it would appear that Winbind is performing and storing the SID>UID mapping when an ACL is *set* through Samba, but it is not storing the mapping (or performing a UID>SID mapping) when performing a *read* of existing Unix file ownership or ACLs.

Is this by design, a bug, or have I made a mistake somewhere?

I would like it so that if a file or ACL is created on a file through Unix, then Samba will automatically map this to the domain SID. Can this be done?

Thanks for any help!

JR

