group database API

Luke Kenneth Casson Leighton lkcl at
Wed Nov 25 23:37:14 GMT 1998

ok, we had someone make an encouraging comment ("hey cool, i added two
groups to /etc/group and they came up in USRMGR.EXE!") and they said also,
"i can't add users to the Local Administrator group".

well, researching this led me to find that the samr call 0x10 should not
be, as i called it, "lookup_ids", but should be called
"samr_query_useraliases" and is equivalent to the MSDN
"NetUserGetLocalGroups" function (methinks).


this call is made on both S-1-5-20 and on S-1-5-21-xxx-yyy-zzz.

why is it made on S-1-5-20?  because that's the "BUILTIN" domain, of which
"Local Administrator group" is a member.


this means that the "domain group map" and "local group map" functionality
is going to have to support the domain named "BUILTIN".


so, expect to have to add, to say /usr/local/samba/lib/

wheel	"BUILTIN\Administrators"
acctops	"BUILTIN\Account Operators"
backops	"BUILTIN\Backup Operators"

why me.  i mean, what did i ever do to deserve this?

More information about the samba-technical mailing list