On 2012-02-16 02:01, steve wrote:
> Hi.
> We used info from a SID created using samba-tool group add to
> posix-ify it and then add a posix-ified domain user to it. The AD doco
> defines two sorts of SID. Ones that change, and ones that don't.
>
> Here is a search on our posix-ified group:
> ldbsearch --url=/usr/local/samba/private/idmap.ldb 'xidnumber=3000012'
> objectSid: S-1-5-21-980186919-4150830324-975011627-1121
>
> We set the primaryGroupID of the user to 1121, his gidNumber to
> 3000012 and his uidNumber from wbinfo. He becomes visible to Linux via
> nss-ldapd, whilst retaining his Domain User status on the Windows side:-)
>
> My question is, to which category of SID does
> S-1-5-21-980186919-4150830324-975011627-1121 belong? Can we assume
> that this is fixed for the life of the domain? Under what circumstances
> could s4 change it, and if it did, would we be given warning?
>
> Thanks,
> Steve
>
>
>

Hi
SIDs over S-1-5-21-.....-1000 are "ordinary" SIDs used by Windows for users and groups. The M$ docs describe modifying the SID as a very dangerous, unsupported operation with unpredictable consequences, so yes, SIDs can be considered as something "carved in stone".

Regards

Geza
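An added example, not part of the original thread or of Samba's code: the SID from the question converted to and from the binary layout Active Directory uses for objectSid, then split into domain SID and RID to check that a primaryGroupID (which holds only the RID) really points at that group. The user SID and all function names are constructed for illustration.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Encode 'S-1-5-21-...' into the binary objectSid layout."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15:
        raise ValueError("unsupported SID")
    # revision byte, sub-authority count, 48-bit big-endian authority,
    # then every sub-authority as a 32-bit little-endian integer
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid back into its string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def split_domain_rid(sid: str):
    """Return (domain SID, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def check_primary_group(user_sid: str, group_sid: str, primary_group_id: int) -> bool:
    """primaryGroupID stores a bare RID, so the group must share the user's domain SID."""
    user_domain, _ = split_domain_rid(user_sid)
    group_domain, group_rid = split_domain_rid(group_sid)
    return user_domain == group_domain and group_rid == primary_group_id

GROUP_SID = "S-1-5-21-980186919-4150830324-975011627-1121"  # from the post
USER_SID = "S-1-5-21-980186919-4150830324-975011627-1105"   # constructed sample

if __name__ == "__main__":
    raw = sid_to_bytes(GROUP_SID)
    print(raw.hex(), bytes_to_sid(raw))
    print(split_domain_rid(GROUP_SID))
    print(check_primary_group(USER_SID, GROUP_SID, 1121))
```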
