[Samba] Trying to get a better understanding of group mapping

Jamrock news_jamrock at yahoo.com
Sun Apr 25 22:47:04 GMT 2004


Okay...

I have been doing some reading re: group mapping but a few questions remain.

Here is what I understand.  Feel free to correct me where I am wrong.

Group mapping is necessary to provide Windows domain accounts with
privileges on the Linux machine.

The net groupmap modify command is used to map any Windows group to a Linux
group.

Now for the things I don't fully understand:

When I start Samba for the first time and run the groupmap list command I
see the following:

System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-1909645564-1757561684-117019378-512) -> -1
Domain Guests (S-1-5-21-1909645564-1757561684-117019378-514) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-1909645564-1757561684-117019378-513) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

Only the domain accounts have the same SID that I see when I run the
getlocalsid command.  Why is this?  Does it have anything to do with the
whole Windows logic of domain accounts vs. local accounts?

What is the advantage of mapping the non-domain accounts?  See
http://searchenterpriselinux.techtarget.com/ateQuestionNResponse/0,289625,sid39_cid557668_tax293414,00.html

The example in the Samba How To Collection maps the Windows Domain Admins
group to the Linux ntadmin group.  Why don't we just map it to the Linux
root group?  How do we make the ntadmin group have root access on the Linux
box?

Is it enough to just create the user root using the smbpasswd command?  Does
anything else have to be done to give it administrator privileges on the
Samba domain?
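
Added example, not part of the original post: a Python script that parses `net groupmap list` output in the form shown above, splits each SID into its domain part and RID, and reports which groups still have no Unix group (-1). S-1-5-32 is the well-known BUILTIN domain SID; the domain SID and group names are taken from the listing in the post, the function names are hypothetical, and the ntadmin mapping on the Domain Admins line is constructed to show a mapped entry.

```python
import re

# SID prefix shared by the "Domain ..." groups in the post's listing.
DOMAIN_SID = "S-1-5-21-1909645564-1757561684-117019378"
BUILTIN_SID = "S-1-5-32"  # well-known BUILTIN domain, identical on every host

# Constructed sample: lines from the post, with Domain Admins shown as
# already mapped to ntadmin (constructed) so both cases are exercised.
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Domain Admins (S-1-5-21-1909645564-1757561684-117019378-512) -> ntadmin
Domain Users (S-1-5-21-1909645564-1757561684-117019378-513) -> -1
Administrators (S-1-5-32-544) -> -1
Users (S-1-5-32-545) -> -1
"""

LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[0-9-]+)\) -> (?P<unix>\S+)$")


def classify(sid, domain_sid):
    """Return (scope, rid): a SID is its issuing domain's SID plus a final RID."""
    prefix, _, rid = sid.rpartition("-")
    if prefix == BUILTIN_SID:
        return "builtin", int(rid)
    if prefix == domain_sid:
        return "domain", int(rid)
    return "other", int(rid)


def audit(listing, domain_sid):
    """Parse groupmap lines into dicts; unix is None when the entry shows -1."""
    rows = []
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        scope, rid = classify(m["sid"], domain_sid)
        unix = None if m["unix"] == "-1" else m["unix"]
        rows.append({"name": m["name"], "scope": scope, "rid": rid, "unix": unix})
    return rows


def unmapped(rows, scope):
    """Names of groups in the given scope that have no Unix group yet."""
    return [r["name"] for r in rows if r["scope"] == scope and r["unix"] is None]


if __name__ == "__main__":
    for row in audit(SAMPLE, DOMAIN_SID):
        print(f'{row["scope"]:8} rid={row["rid"]:<4} {row["name"]} -> {row["unix"]}')
```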
