mapping uids of file owners to SIDs for AD users
Volker Lendecke
vl at samba.org
Tue Jan 24 19:55:16 UTC 2017
On Tue, Jan 24, 2017 at 01:34:21PM -0600, Steve French wrote:
> I was noticing that (at least with richacl) the ownership information
> in the ACL is taken from the uid/gid posix ownership information and
> therefore the owner SID is displayed as "S-1-22-1..." followed by a
> UID rather than querying the UID->SID mapping for that Active
> Directory user (the server is joined to the same AD domain as the user
> on the Windows client who created the file). The result of this is
> that the owner from Windows explorer looks like
>
> "Unix user\10000" rather than "user at domain" (as it would for Windows to Windows)
>
> looking at uid_to_sid() in passdb/lookup_sid.c it looks like it only
> calls out to winbind for this if it doesn't find it in the idmap cache
> - how would this work for the common case (e.g. in RHEL) where sssd is
> providing the mapping?
Maybe use
idmap config DOMAIN : backend = nss
if your corporate strategy mandates sssd.
Volker
More information about the samba-technical
mailing list