Re: Can someone explain SIDs?

[Jim C <jcllings@tsunamicomm.net>]

It is an "on-the-fence" topic between Samba and LDAP. It has to do with 
running a Samba PDC which is one of the primary uses of LDAP.  Problem 
is that if one does not understand the relationship between rids and 
sids, then one cannot correct defficiencies in one's LDAP database 
structure that prevent the PDCs operation.

I've noticed that many have been asking in this particular direction on 
both the Samba list and the OpenLDAP lists.  No one is answering in 
either case.  My intent is to get the answer and cross post it or see 
that it gets added to the FAQs.

Jim C.

Peter Marschall wrote:
> Hi,
>
> On Tuesday 07 January 2003 04:06, Jim C wrote:
>
> > I have some sort of mapping problem between SIDs and and user accounts.
> >  The exact error on the XP client is:
> >
> > "No mapping between account names and security IDs was done."
> >
> > I believe I can figure this out on my own if someone will explain the
> > relationship to me. :-)
>
>
> you may not get ans answer bacause SIDs don't have anything to do with
> LDAP.
>
> SIDs are the identifiers that idientify a Windows user / group internally.
> So they are a bit similar to UIDs in Unix..
> No matter how the account name is and changes, the SID stays always the same.
> SIDs are the identifiers that are stored in ACLs, in groups for the members, 
> ...
>
> The error message is a pure Windows error message.
> It tells that your client was not able to translate SIDs to Account names
> because the account yopu are logged in with does not have enough plivileges.
> I only stumbled over this error message when dealing with more than one NT
> domain.
>
> For more information I have to refer you to MS since this is all I found out
> using UNIX tools and guessing (I never programmed in the M$ API).
>
> Yours
> Peter