What is a Security Identifier (SID) and How to Set Up Array AAA to Work with SID?
In the context of the Microsoft Windows NT line of operating systems, a Security Identifier (commonly abbreviated SID) is a unique name (an alphanumeric character string) assigned by a Windows domain controller during the logon process and used to identify a subject, such as a user or a group of users, in a network of NT/2000 systems. Windows grants or denies access and privileges to resources based on access control lists (ACLs), which use SIDs to uniquely identify users and their group memberships.
When a user logs into a computer, an access token is generated that contains the user and group SIDs and the user's privilege level. When a user requests access to a resource, the access token is checked against the ACL to permit or deny a particular action on a particular object. SIDs are useful for troubleshooting issues with security audits and with Windows server and domain migrations.
A SID has the following format: S-1-5-21-7623811015-3361044348-030300820-1013
S - The string is a SID.
1 - The revision level (the version of the SID specification).
5 - The identifier authority value.
21-7623811015-3361044348-030300820 - The domain or local computer identifier.
1013 - The Relative ID (RID). Any group or user that is not created by default will have a Relative ID of 1000 or greater.
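The breakdown above, as an added example that is not part of the original article or of any Array Networks tool: a Python parser that splits a SID string into these components and applies the RID 1000 rule. The function name `parse_sid`, the dictionary keys and the sample SIDs are constructed for illustration; the parser assumes revision 1 and enforces the 32-bit size of each sub-authority in the binary SID.

```python
import re

# "S-" revision "-" identifier authority, then 1 to 15 sub-authorities.
_SID_RE = re.compile(r"S-(\d+)-(0x[0-9a-f]+|\d+)((?:-\d+){1,15})", re.IGNORECASE)


def parse_sid(text):
    """Split a SID string into its components; raise ValueError if malformed."""
    m = _SID_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a SID string: {text!r}")
    revision = int(m.group(1))
    auth = m.group(2)
    # The authority is written in decimal, or in hex when it needs more than 32 bits.
    authority = int(auth, 16) if auth.lower().startswith("0x") else int(auth)
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if authority >= 1 << 48:
        raise ValueError("identifier authority does not fit in 48 bits")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits")
    # Domain or local computer accounts: S-1-5-21-<three values>-<RID>.
    # Only this form, the one shown above, gets a domain SID and a RID here.
    is_account = authority == 5 and len(subs) == 5 and subs[0] == 21
    return {
        "revision": revision,
        "authority": authority,
        "sub_authorities": subs,
        "domain_sid": "S-1-5-" + "-".join(map(str, subs[:4])) if is_account else None,
        "rid": subs[-1] if is_account else None,
        # RIDs below 1000 belong to accounts and groups created by default.
        "created_by_default": subs[-1] < 1000 if is_account else None,
    }


if __name__ == "__main__":
    # Constructed sample SIDs, not taken from a real domain.
    for sid in ("S-1-5-21-1004336348-1177238915-682003330-1013",
                "S-1-5-21-1004336348-1177238915-682003330-500",
                "S-1-5-32-544"):
        print(sid, "->", parse_sid(sid))
```

Two accounts from the same domain or computer share the same `domain_sid` and differ only in `rid`, which is what to compare when checking which domain a SID-based login rule actually matches.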
Possible identifier authority values are:
Setup Instruction:
http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/User_SID_Based_Login.ppt
Understanding SID:
http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Security_Identifier.doc
http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Why_Understanding_SIDs_is_Important.doc
Tools:
http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/Install-winMd5Sum.exe
http://supportkb.arraynetworks.net/kbcontent/AAA/UserSID/getsid.exe