[Samba] net groupmap displays multiples

[John H Terpstra]

On Sat, 27 Sep 2003, Chris Smith wrote:

> A "net groupmap list" show 2 each of "Domain Admins" and "Domain Guests" as
> marked below with ** and *** respectively.
>
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> **Domain Admins (S-1-5-21-1068423669-2868761170-579274183-512) -> -1
> Account Operators (S-1-5-32-548) -> -1
> ***Domain Guests (S-1-5-21-1068423669-2868761170-579274183-514) -> -1
> Domain Users (S-1-5-21-1068423669-2868761170-579274183-513) -> users
> **Domain Admins (S-1-5-21-2884117546-2866258145-1073336595-512) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> ***Domain Guests (S-1-5-21-2884117546-2866258145-1073336595-514) -> -1
>
> A "net groupmap delete ntgroup="Domain Admins"" looks like it works:
> "Sucessfully removed Domain Admins from the mapping db" but yet the multiples
> remain. Is this normal and if not what can or should be done.

It looks here as if you changed either the domain name or the machine name
of your Samba server. That will result in the duplicate entries you see
here.

To correct this, stop Samba, delete the group_mapping.tdb file.
Then restart Samba and do not forget to map your Domain groups to valid
UNIX groups.

The Domain Admins group (RID=512) should be mapped to root (GID=0) so that
you have true equivalency of administrative rights in both Windows and
UNIX environments.

- John T.
-- 
John H Terpstra
Email: jht at samba.org