[Samba] question about winbind rid idmaping

Andrew Walker walker.aj325 at gmail.com
Thu Oct 29 12:57:02 UTC 2020

On Thu, Oct 29, 2020 at 8:07 AM Rowland penny via samba <
samba at lists.samba.org> wrote:

> On 29/10/2020 11:56, Andrew Walker wrote:
> >
> >
> > Several of the idmap backends (including idmap_rid) in samba support
> > id_type_both (the ID is both a user and a group). This is ultimately
> > needed for accurately producing Windows-style behavior regarding
> > permissions (where a group can be the owner of a file). Without
> > knowing the details of the ACL module, the best path forward would be
> > for you to figure out how to maintain windows-like behavior.
> The only place that I have found id_type_both to be used, is in
> idmap.ldb on a Samba AD DC.

RID also does this. You can see in the sid<->id mapping functions in

Andrea, you can look at the common nfsv4 code (source3/modules/nfs4_acls.c)
to see how ID_TYPE_BOTH is dealt with there (for instance
nfs4_acl_add_sec_ace()). Can you perhaps give more details about your ACL
modules (or a link to the source)?

More information about the samba mailing list