[email protected]
[Top] [All Lists]

Re: unpack_nt_owners fails with owner S-1-5-32-544

Subject: Re: unpack_nt_owners fails with owner S-1-5-32-544
From: simo
Date: Thu, 26 Oct 2006 08:21:25 -0400
On Thu, 2006-10-26 at 16:06 +1000, [email protected] wrote:
> Volker,
>  > BTW, nasty as it is, this _is_ relevant. I've come across
>  > this at quite a number of sites already.
> yes, I can see it matters. 
> What do you think of the strategy of mapping both the old SID of the
> user and the new SID of the user to the same unix uid? That's
> presuming of course that we can detect this (I can think of some ways
> we might tackle that aspect of it).
> The advantage of mapping both the old SID and the new SID to the same
> uid is that ACLs keep working really well, as does file ownership. The
> disadvantage would seem to be that we would break with the idea of
> a one-to-one mapping of uid to SID. I can't see why keeping it
> one-to-one is vital.

Not vital, but we will probably have to add the concept of secondary
SID, so that uid->SID always return the new one.

> As far as detecting it goes, what we'd really need to detect is the
> domain conversion itself. Then doing the actual mapping shouldn't be
> too hard, as it would be a pretty good bet that the usernames are kept
> the same (not guaranteed I know, but should be pretty good).

No, you can't count on this, the samba server can be installed years
after the original domain is shut down.


Simo Sorce
Samba Team GPL Compliance Officer
email: [email protected]

<Prev in Thread] Current Thread [Next in Thread>