On 02/16/2012 06:58 AM, Gémes Géza wrote:
On 2012-02-16 02:01, steve wrote:
Hi.
We used info from a SID created using samba-tool group add to
posix-ify it and then add a posix-ifed domain user to it. The AD doco
defines two sorts of SID. Ones that change, and ones that don't.

Here is a search on our posix-ified group:
ldbsearch --url=/usr/local/samba/private/idmap.ldb 'xidnumber=3000012'
objectSid: S-1-5-21-980186919-4150830324-975011627-1121

We set the primaryGroupID of the user to 1121, his gidNumber to
3000012 and his uidNumber from wbinfo. He becomes visible to Linux via
nss-ldapd, whilst retaining his Domain User status on the windows side:-)

My question is, to which category of SID does
S-1-5-21-980186919-4150830324-975011627-1121 belong? Can we assume
that this is fixed for the life of the domain? Under what circumstances
could s4 change it, and if it did, would we be given warning?

Thanks,
Steve



Hi

SIDs over S-1-5-21-.....-1000 are "ordinary" SIDs used by windows for
users and groups. The M$ docs describe modifying the SID as a very
dangerous, unsupported operation with unpredictable consequences, so yes
SIDs can be considered as something "carved in stone".

Regards

Geza

Hi Geza
Thanks for the confirmation. Will s4 follow the carved in stone m$ guidelines?

So far, the schema has allowed my addition of POSIX objects and attributes to the ldb's. Indeed, some of them such as posixAccount are already there, just waiting to be pulled in. Will there be any changes made which will negate this? e.g. I have a user with primaryGroupID: 1121, uidnumber: 3000000, unixhomedirectory: /home/workgroup/user. Will the user always have those attributes? Now? After the next git? After a s4 release?

Maybe the question should be, will there be any changes made to the schema which would disallow rfc2307 attributes to be included?

It's almost Friday.

Cheers,
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
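
Added example, not part of the original thread and not Samba's own code: the primaryGroupID discussed above stores only the last sub-authority (the RID) of the group's objectSid, so it is always resolved against the user's own domain SID. The sketch below decodes the binary objectSid layout that LDAP clients receive, splits off the RID and rebuilds the group SID from a primaryGroupID. The function names and the user SID (RID 1122) are constructed for illustration; the group SID is the one quoted in the thread.

```python
import struct

GROUP_SID = "S-1-5-21-980186919-4150830324-975011627-1121"  # from the thread
USER_SID = "S-1-5-21-980186919-4150830324-975011627-1122"   # constructed sample


def sid_to_bytes(sid: str) -> bytes:
    """Encode 'S-1-5-21-...' into the binary objectSid layout."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID holds at most 15 sub-authorities")
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary objectSid, rejecting truncated or padded values."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])


def split_sid(sid: str) -> tuple[str, int]:
    """Return (domain SID, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def is_ordinary_rid(rid: int) -> bool:
    """RIDs from 1000 upward are the ordinary user/group range."""
    return rid >= 1000


def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """primaryGroupID is a bare RID, resolved in the user's own domain."""
    domain, _ = split_sid(user_sid)
    return f"{domain}-{primary_group_id}"


if __name__ == "__main__":
    raw = sid_to_bytes(GROUP_SID)
    print(raw.hex(), sid_from_bytes(raw), split_sid(GROUP_SID))
    print(primary_group_sid(USER_SID, 1121) == GROUP_SID)
```

Because primaryGroupID carries no domain part, the mapping from gidNumber 3000012 to the group only stays valid while the group's RID 1121 and the domain SID stay unchanged, which is the property the thread asks about.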
