[Samba] Samba + sssd deployment: success and failure

Goetz, Patrick G pgoetz at math.utexas.edu
Thu Jun 13 16:17:36 UTC 2019


On 6/13/19 10:48 AM, Alexey A Nikitin via samba wrote:
> According to the MS docs SID=('S-'+version+identifier authority value+domain or computer identifier+RID). The SIDs that don't contain RID are the special cases of Machine SID, Domain SID, Service SID, and some predefined universal well-known SIDs [1]. According to the common use in MS tools SID encompasses RID. And even in Samba (wbinfo immediately comes to mind) SID also encompasses RID. More generally, the definition of SID is a unique identifier for a security principal, and to match that definition one security principal within a domain (or a local machine) has to be distinguished from another security principal within the same domain or machine, which is achieved through the RID part of the SID. So, RID is just a (sometimes optional, but in those contexts "SID+RID" also doesn't make any sense) part of SID, not a separate and independent piece.
> 

I think the relevant question (and the reason this came up) is that I 
want the UID mapping to be:

     linux UID = domain RID

I was calling it an SID (which, based on talking to Windows admins, I'm 
surmising is understood to mean RID, depending on context).  Anyway, 
that was the genesis of this discussion.  To give a concrete example,

Running this command on one of the sssd linux domain members:

root@kraken:/home/pgoetz# getent passwd pgoetz
pgoetz:*:1562224688:1007000513:Goetz Patrick G (pgoetz):/home/pgoetz:/bin/bash

1562224688 is my domain RID, 1007000513 is the RID for the Domain Users 
group:

root@kraken:/home/pgoetz# ls -l
total 0
drwxr-xr-x 2 pgoetz domain users 25 Oct  1  2018 Desktop
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Documents
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Downloads
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Music
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Pictures
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Public
drwxr-xr-x 3 pgoetz domain users 41 Aug  3  2018 snap
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Templates
drwxr-xr-x 2 pgoetz domain users  6 Aug  3  2018 Videos
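
Added example, not part of the original message and not Samba or sssd code: a parser for the SID layout described in the quoted paragraph, which splits a domain-issued SID into its domain SID and RID and converts to and from the binary form stored in the AD objectSid attribute. The sample SIDs are constructed and the function names are hypothetical.

```python
import struct
from typing import NamedTuple, Optional, Tuple

# Constructed sample values, not taken from any real domain.
SAMPLE_DOMAIN_SID = "S-1-5-21-1000000001-2000000002-3000000003"
SAMPLE_USER_SID = SAMPLE_DOMAIN_SID + "-1104"


class Sid(NamedTuple):
    revision: int
    authority: int             # 48-bit identifier authority (5 = NT Authority)
    subauths: Tuple[int, ...]  # 32-bit sub-authorities; the last may be a RID

    def __str__(self) -> str:
        return "-".join(["S", str(self.revision), str(self.authority),
                         *map(str, self.subauths)])


def parse_sid(text: str) -> Sid:
    """Parse the decimal string form S-<rev>-<authority>-<subauth>..."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a SID string: {text!r}")
    rev, auth, *subs = (int(p) for p in parts[1:])
    if rev != 1 or not 0 <= auth < 2**48 or len(subs) > 15 \
            or any(not 0 <= s < 2**32 for s in subs):
        raise ValueError(f"SID field out of range: {text!r}")
    return Sid(rev, auth, tuple(subs))


def split_rid(sid: Sid) -> Tuple[str, Optional[int]]:
    """Return (domain SID, RID); RID is None when the SID carries none."""
    # S-1-5-21-a-b-c is a domain or machine SID; a fifth sub-authority is the RID.
    if sid.authority == 5 and len(sid.subauths) == 5 and sid.subauths[0] == 21:
        return str(sid._replace(subauths=sid.subauths[:-1])), sid.subauths[-1]
    return str(sid), None


def sid_to_bytes(sid: Sid) -> bytes:
    # Binary layout: revision, count, 6-byte big-endian authority, LE sub-authorities.
    n = len(sid.subauths)
    return (struct.pack("<BB", sid.revision, n) + sid.authority.to_bytes(6, "big")
            + struct.pack(f"<{n}I", *sid.subauths))


def sid_from_bytes(raw: bytes) -> Sid:
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized binary SID")
    return Sid(raw[0], int.from_bytes(raw[2:8], "big"),
               struct.unpack(f"<{raw[1]}I", raw[8:]))
```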

