Andrew Bartlett wrote: > > [EMAIL PROTECTED] wrote: > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > - Also, I wanted to be sure we always got correct uid->sid and sid->uid > > > mapping for the guest user. I wanted an NT ACL to be able to include > > > this 'well known' user, and have it behave as expected. While *most* > > > cases inside Samba now use just the NT_TOEKN generated at login time, we > > > still make one up from uid/gid/groups in a number of cases. I wanted to > > > ensure as much as possible that the 2 tokens are identical. > > > > Do you have a pattern to look for? I would like to look at those > > cases. > > security=share, force user, force guest. > > These all currently recreate an NT_TOKEN from the current group list.
BTW, for the 'standard' security=share case, we should be able to get an NT_TOKEN from the authenticaion, I've just not got around to this yet. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
