[Samba] ntfs user mappings?

Rowland Penny rpenny at samba.org
Fri Nov 3 21:14:35 UTC 2017


On Fri, 3 Nov 2017 14:52:45 -0600
Jeff Sadowski <jeff.sadowski at gmail.com> wrote:

> On Fri, Nov 3, 2017 at 2:43 PM, Rowland Penny <rpenny at samba.org>
> wrote:
> > On Fri, 3 Nov 2017 13:53:22 -0600
> > Jeff Sadowski via samba <samba at lists.samba.org> wrote:
> >
> >> just get objectsid and use this
> >>
> >> https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
> >
> > Why ???
> >
> 
> So that when someone on a Linux machine writes to disk and they open
> it up on a Windows machine it will show it was written by the same
> person (or vice versa).
> 
> Anyways it is a bit more complicated, as I know objectSid is in
> base64, not just hex, so I'll have to do a little more work than I
> thought. It is however a fun exercise.

Use ldb-tools ;-)

You get:

dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
..............
objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
sAMAccountName: rowland
uidNumber: 10000

> 
> > From reading the manpage, you need a usermap like this:
> >
> >     john::S-1-5-21-3141592653-589793238-462643383-1008
> >     mary::S-1-5-21-3141592653-589793238-462643383-1009
> >     :smith:S-1-5-21-3141592653-589793238-462643383-513
> >     ::S-1-5-21-3141592653-589793238-462643383-10000
> >
> > Note the third one is obviously wrong, the RID is '513', so 'smith'
> > should be 'Domain Users'
> 
> I don't know about you but I use RFC2307;
> it doesn't matter what the SID is for it to map to my Linux machines.

Well yes, if you use the winbind 'ad' backend it doesn't, but if you
use the 'rid' backend it does. However, user rowland will have the SID
'S-1-5-21-1768301897-3342589593-1064908849-1107' on Windows, but will
get the uidNumber '10000' on Linux. So from my reading of the ntfs-3g
manpage, the usermap would need a line like this:

  rowland::S-1-5-21-1768301897-3342589593-1064908849-1107

and from this, I understand that both Windows and Linux would know who
'rowland' is. I could be wrong though, mainly because I haven't tried
it.

Rowland
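
Added example, not part of the original message or of Samba/ntfs-3g: a Python sketch that decodes a base64 objectSid from LDIF into the S-1-... form and emits usermap lines in the 'user::SID' layout quoted above. It assumes the Linux login name equals sAMAccountName; the sample record is constructed from the values shown in the thread, and the function names are hypothetical.

```python
import base64
import struct

def decode_sid(raw: bytes) -> str:
    """Binary SID (as stored in objectSid) -> 'S-1-5-21-...' string."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def encode_sid(sid: str) -> bytes:
    """Inverse of decode_sid; used here only to build the sample input."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a SID string")
    subs = [int(p) for p in parts[3:]]
    head = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def usermap_lines(ldif: str) -> list:
    """Return 'user::SID' lines for records with sAMAccountName and objectSid."""
    lines = []
    for record in ldif.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):                 # 'attr:: ...' is base64
                raw = base64.b64decode(value[1:].strip())
                value = decode_sid(raw) if name == "objectSid" else raw.decode()
            attrs[name] = value.strip()
        if "sAMAccountName" in attrs and "objectSid" in attrs:
            # Assumption: the Linux login name equals sAMAccountName.
            lines.append("%s::%s" % (attrs["sAMAccountName"], attrs["objectSid"]))
    return lines

# Constructed sample: the record quoted in the message, with objectSid
# re-encoded as base64, the form the thread says it arrives in.
PAGE_SID = "S-1-5-21-1768301897-3342589593-1064908849-1107"
SAMPLE_LDIF = (
    "dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com\n"
    "objectSid:: " + base64.b64encode(encode_sid(PAGE_SID)).decode() + "\n"
    "sAMAccountName: rowland\n"
    "uidNumber: 10000\n"
)

if __name__ == "__main__":
    print("\n".join(usermap_lines(SAMPLE_LDIF)))
```

Records that already carry the SID as text ("objectSid: S-1-..."), as in the ldb-tools output above, pass through unchanged.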



