Hi.
We used info from a SID created using samba-tool group add to posix-ify
it and then add a posix-ifed domain user to it. The AD doco defines two
sorts of SID. Ones that change, and ones that don't.
Here is a search on our posix-ified group:
ldbsearch --url=/usr/local/samba/private/idmap.ldb 'xidnumber=3000012'
objectSid: S-1-5-21-980186919-4150830324-975011627-1121
We set the primaryGroupID of the user to 1121, his gidNumber to 3000012
and his uidNumber from wbinfo. He becomes visible to Linux via
nss-ldapd, whilst retaing his Domain User status on the windows side:-)
My question is, to which category of SID does
S-1-5-21-980186919-4150830324-975011627-1121 belong? Can we assume that
this is fixed for the life of the domain? Under what circustances could
s4 change it, and if id did, would we be given warning?
Thanks,
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
