just get objectsid and use this
https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253

On Fri, Nov 3, 2017 at 1:32 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
> oooh, I think I could write a script to do what ntfs-3g.usermap does using
> ldap. :-) If something doesn't already exist.
> I think it gives the format in the ntfs-3g man page.
>
> On Fri, Nov 3, 2017 at 1:19 PM, Jeff Sadowski <jeff.sadowski at gmail.com> wrote:
>> I have linux machines joined to my AD domain using winbind.
>> I have windows pro machines joined to AD normally.
>> I would like it so that when a user writes to an ntfs removable disk,
>> when I mount it on my linux machines it follows the permissions.
>> Is that possible?
>> I use ntfs-3g to mount the partition. I see there is a command
>> ntfs-3g.usermap and wonder if that might work.
>> Is there a command like it to get the usermap from AD?
>> I'm curious if, when I write to the disk from linux machines, it
>> shows proper ownership on my windows machines.
On Fri, 3 Nov 2017 13:53:22 -0600 Jeff Sadowski via samba <samba at lists.samba.org> wrote:
> just get objectsid and use this
>
> https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253

Why ???

From reading the manpage, you need a usermap like this:

john::S-1-5-21-3141592653-589793238-462643383-1008
mary::S-1-5-21-3141592653-589793238-462643383-1009
:smith:S-1-5-21-3141592653-589793238-462643383-513
::S-1-5-21-3141592653-589793238-462643383-10000

Note the third one is obviously wrong: the RID is '513', so 'smith' should be 'Domain Users'.

So all you need is the user or group's name and a simple script to extract the objectSid.

Rowland
On Fri, Nov 3, 2017 at 2:43 PM, Rowland Penny <rpenny at samba.org> wrote:
> On Fri, 3 Nov 2017 13:53:22 -0600
> Jeff Sadowski via samba <samba at lists.samba.org> wrote:
>
>> just get objectsid and use this
>>
>> https://blogs.msdn.microsoft.com/oldnewthing/20040315-00/?p=40253
>
> Why ???
>

So that when someone on a linux machine writes to disk and they open it up on a windows machine, it will show it was written by the same person (or vice versa). Anyways, it is a bit more complicated: as I know, objectSid is in base64, not just hex, so I'll have to do a little more work than I thought. It is however a fun exercise.

> From reading the manpage, you need a usermap like this:
>
> john::S-1-5-21-3141592653-589793238-462643383-1008
> mary::S-1-5-21-3141592653-589793238-462643383-1009
> :smith:S-1-5-21-3141592653-589793238-462643383-513
> ::S-1-5-21-3141592653-589793238-462643383-10000
>
> Note the third one is obviously wrong, the RID is '513', so 'smith'
> should be 'Domain Users'

I don't know about you, but I use RFC2307; it doesn't matter what the SID is for it to map to my linux machines.

>
> So all you need is the user or groups name and a simple script to
> extract the objectSid.
>
> Rowland
>
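The script Jeff describes, as an added example that is not from the thread or from the ntfs-3g project: it decodes the base64 `objectSid::` values that an LDIF dump (ldapsearch/ldbsearch style) carries into the `S-1-5-...` string form and emits ntfs-3g UserMapping lines in the `user:group:SID` layout Rowland quoted. The LDIF records are constructed sample data with the SIDs from Rowland's message, not a real domain; `encode_sid` exists only to build that sample.

```python
import base64
import struct


def decode_sid(raw: bytes) -> str:
    """Convert a binary objectSid, as stored in AD, to its S-R-A-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit identifier authority
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    subs = struct.unpack("<%dI" % count, raw[8:])    # sub-authorities are little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def encode_sid(sid: str) -> bytes:
    """Inverse of decode_sid; used here only to build the constructed LDIF sample."""
    parts = sid.split("-")
    if parts[0] != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def usermap_lines(ldif: str) -> list:
    """Turn LDIF records into ntfs-3g UserMapping lines: 'user::SID' or ':group:SID'."""
    out = []
    for record in ldif.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            key, _, value = line.partition(":")
            # 'attr:: value' is LDIF's marker for a base64-encoded (binary) value
            value = base64.b64decode(value[1:]) if value.startswith(":") else value.strip()
            attrs.setdefault(key, []).append(value)
        name = attrs["sAMAccountName"][0]
        sid = decode_sid(attrs["objectSid"][0])
        is_group = "group" in attrs.get("objectClass", [])
        out.append(":%s:%s" % (name, sid) if is_group else "%s::%s" % (name, sid))
    return out


def _b64(sid: str) -> str:
    return base64.b64encode(encode_sid(sid)).decode()


# Constructed sample: what ldapsearch would print for one user and one group.
SAMPLE_LDIF = "\n".join([
    "dn: CN=john,CN=Users,DC=example,DC=com", "sAMAccountName: john", "objectClass: user",
    "objectSid:: " + _b64("S-1-5-21-3141592653-589793238-462643383-1008"), "",
    "dn: CN=Domain Users,CN=Users,DC=example,DC=com", "sAMAccountName: Domain Users",
    "objectClass: group", "objectSid:: " + _b64("S-1-5-21-3141592653-589793238-462643383-513"),
])

if __name__ == "__main__":
    print("\n".join(usermap_lines(SAMPLE_LDIF)))
```

The "Domain Users" record shows the RID-513 case Rowland flagged: the group name comes from AD rather than being typed by hand, so the middle field is right by construction.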