[Samba] Mapping UIDs on Linux to same UID as AD-bound Mac is mapping to

Ralph Boehme rb at sernet.de
Tue Feb 16 21:28:30 UTC 2016


On Wed, Feb 17, 2016 at 07:52:56AM +1100, Brett Randall wrote:
> > On Tue, Feb 16, 2016 at 08:32:52PM +1100, Brett Randall wrote:
> > > Has anyone done this? Surely it's a simple formula to generate the
> > > same UID on Linux, but how would one make Samba use this? I've looked
> > > at the idmap attributes in smb.conf(5) and can't figure out where to start.
> > 
> > this would require a new idmap backend. I've looked into this before, but
> > lacking customer demand never got to do it. And there's one thing that is
> > broken by design in this mapping scheme: collisions.
> > 
> > -Ralph
> 
> Thanks Ralph. Is the collisions you're talking about the risk of two
> GUIDs sharing the same two first 32 bytes?

32 bits, not bytes. If this collision happens only on the client side,
you can get away with it without direct security implications. But if
the collistion is on the server, that's a different game.

-Ralph

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de



More information about the samba mailing list