[Samba] Group management

David "3oz" Sonenberg pip_prime at yahoo.com
Thu Aug 12 16:48:21 GMT 2004


OK, here's how far I got:
[root at samba 50 Inch Content]# net getlocalsid
SID for domain SAMBA is: S-1-5-21-2915653246-892158047-278579456

I was able to delete some of the groups using
net RPC group delete sid=xxxxxxxxxxxx
net groupmap delete sid=xxxxxxxxxxxx

but not all of them.

Here's a whole lot of output:

[root at samba 50 Inch Content]# net RPC group delete sid=S-1-5-32-549
Password:
Lookup of 'sid=S-1-5-32-549' failed
[root at samba 50 Inch Content]# net RPC group delete 'System Operators'
Password:
Lookup of 'System Operators' failed
[root at samba 50 Inch Content]# net RPC group delete sid=S-1-5-32-549 -d 2
[2004/08/12 12:45:52, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
Password:
Lookup of 'sid=S-1-5-32-549' failed
[2004/08/12 12:45:54, 1] utils/net_rpc.c:run_rpc_command(141)
  rpc command function failed! (NT_STATUS_NONE_MAPPED)
[2004/08/12 12:45:54, 2] utils/net.c:main(792)
  return code = 1
[root at samba 50 Inch Content]# net RPC group delete sid=S-1-5-32-549 -d 2
[2004/08/12 12:46:08, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
Password:
Lookup of 'sid=S-1-5-32-549' failed
[2004/08/12 12:46:11, 1] utils/net_rpc.c:run_rpc_command(141)
  rpc command function failed! (NT_STATUS_NONE_MAPPED)
[2004/08/12 12:46:11, 2] utils/net.c:main(792)
  return code = 1

[root at samba 50 Inch Content]# net groupmap delete 'System Operators' -d 2
[2004/08/12 12:47:28, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
Bad option: System Operators
[2004/08/12 12:47:28, 2] utils/net.c:main(792)
  return code = -1
[root at samba 50 Inch Content]# net groupmap delete sid=S-1-5-32-552 -d 2
[2004/08/12 12:47:41, 2] lib/interface.c:add_interface(79)
  added interface ip=192.168.1.50 bcast=192.168.1.255 nmask=255.255.255.0
Sucessfully removed S-1-5-32-552 from the mapping db
[2004/08/12 12:47:41, 2] utils/net.c:main(792)
  return code = 0
[root at samba 50 Inch Content]# net groupmap list
System Operators (S-1-5-32-549) -> -1


	
--- Craig White <craigwhite at azapple.com> wrote:

> On Thu, 2004-08-12 at 08:29, David "3oz" Sonenberg wrote:
> > I'm trying to add a user to the domain admins group in
> > vain.  I've tried using the windows usrgrp tool.  I've
> > tried doing 'pdbedit -u username -G
> > S-1-5-21-2351621536-730267382-1598341932-512'  I've
> > tried 'net groupmember ADD 'Domain Admins' username.
> > The user I'm trying to add is already in the unixgroup
> > that's mapped to the NTgroup.  Does any one know the
> > proper way to do this?  Here's my groupmappings:
> >
> > [root at samba root]# net groupmap list
> > System Operators (S-1-5-32-549) -> -1
> > Replicators (S-1-5-32-552) -> -1
> > Guests (S-1-5-32-546) -> -1
> > Domain Users (S-1-5-21-2915653246-892158047-278579456-513) -> users
> > Domain Users (S-1-5-21-2351621536-730267382-1598341932-513) -> -1
> > Domain Admins (S-1-5-21-2351621536-730267382-1598341932-512) -> ntadmins
> > Domain Guests (S-1-5-21-2351621536-730267382-1598341932-514) -> nobody
> > Domain Guests (S-1-5-21-2915653246-892158047-278579456-514) -> -1
> > Power Users (S-1-5-32-547) -> -1
> > Domain Users (S-1-5-21-152711010-200846165-2210790283-513) -> users
> > Print Operators (S-1-5-32-550) -> -1
> > Administrators (S-1-5-32-544) -> -1
> > Account Operators (S-1-5-32-548) -> -1
> > X3D Employees (S-1-5-21-2915653246-892158047-278579456-1112) -> david$
> > Domain Guests (S-1-5-21-152711010-200846165-2210790283-514) -> nobody
> > Backup Operators (S-1-5-32-551) -> -1
> > Users (S-1-5-32-545) -> -1
> > Domain Admins (S-1-5-21-2915653246-892158047-278579456-512) -> -1
> ----
> you need to clean up your groupmaps first
> 1 - from cli
>     net getlocalsid
>
> 2 - your local SID should match the SID's below (ignoring the RID)
>     evidently it is either:
>     S-1-5-21-2915653246-892158047-278579456
>     or
>     S-1-5-21-2351621536-730267382-1598341932
>     or
>     S-1-5-21-152711010-200846165-2210790283
>
> 3 - duplicates/unmapped entries/non matching SID's below
>
> > System Operators (S-1-5-32-549) -> -1
> delete or fix
> > Replicators (S-1-5-32-552) -> -1
> delete or fix
> > Guests (S-1-5-32-546) -> -1
> delete or fix
> > Domain Users (S-1-5-21-2915653246-892158047-278579456-513) -> users
> ok - SID?
> > Domain Users (S-1-5-21-2351621536-730267382-1598341932-513) -> -1
> delete
> > Domain Admins (S-1-5-21-2351621536-730267382-1598341932-512) -> ntadmins
> ok - SID?
> > Domain Guests (S-1-5-21-2351621536-730267382-1598341932-514) -> nobody
> ok - SID?
> > Domain Guests (S-1-5-21-2915653246-892158047-278579456-514) -> -1
> delete
> > Power Users (S-1-5-32-547) -> -1
> delete or fix
> > Domain Users (S-1-5-21-152711010-200846165-2210790283-513) -> users
> 2nd entry - delete
> > Print Operators (S-1-5-32-550) -> -1
> delete or fix
> > Administrators (S-1-5-32-544) -> -1
> delete or fix
> > Account Operators (S-1-5-32-548) -> -1
> delete or fix
> > X3D Employees (S-1-5-21-2915653246-892158047-278579456-1112) -> david$
> doesn't make any sense - david$ is a machine account, not a unix group
> > Domain Guests (S-1-5-21-152711010-200846165-2210790283-514) -> nobody
> 2nd entry - delete
> > Backup Operators (S-1-5-32-551) -> -1
> delete or fix
> > Users (S-1-5-32-545) -> -1
> delete or fix
> > Domain Admins (S-1-5-21-2915653246-892158047-278579456-512) -> -1
> delete
>
> Craig
> 
> 
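
Added example, not part of either message and not Samba code: a Python sketch of the review described in the quoted reply, comparing each `net groupmap list` entry against the SID reported by `net getlocalsid` and flagging unmapped (-1) entries, SIDs from another domain, repeated NT group names, and mappings to a machine account. The function names and issue labels are hypothetical, and the input is assumed to have one entry per line (six entries from the thread, unwrapped).

```python
import re

# Six entries from the `net groupmap list` output in the thread, unwrapped.
SAMPLE = """\
System Operators (S-1-5-32-549) -> -1
Domain Users (S-1-5-21-2915653246-892158047-278579456-513) -> users
Domain Users (S-1-5-21-2351621536-730267382-1598341932-513) -> -1
Domain Admins (S-1-5-21-2351621536-730267382-1598341932-512) -> ntadmins
X3D Employees (S-1-5-21-2915653246-892158047-278579456-1112) -> david$
Domain Admins (S-1-5-21-2915653246-892158047-278579456-512) -> -1
"""
LOCAL_SID = "S-1-5-21-2915653246-892158047-278579456"  # from `net getlocalsid`
BUILTIN = "S-1-5-32"  # well-known BUILTIN domain, identical on every host

ENTRY = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>\S+)$")


def audit_groupmap(listing, local_sid):
    """Return (name, sid, unix_group, issues) for every parsed entry."""
    results, seen = [], set()
    for line in listing.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and debug output
        name, sid, unix = m.group("name", "sid", "unix")
        domain = sid.rpartition("-")[0]  # drop the trailing RID
        issues = []
        if unix == "-1":
            issues.append("unmapped")          # no unix group behind it
        elif unix.endswith("$"):
            issues.append("machine-account")   # trailing $ marks a machine account
        if domain not in (BUILTIN, local_sid):
            issues.append("foreign-sid")       # belongs to some other domain SID
        if name in seen:
            issues.append("duplicate-name")
        seen.add(name)
        results.append((name, sid, unix, issues))
    return results


def sids_to_review(listing, local_sid):
    """SIDs of all entries with at least one issue, in listing order."""
    return [sid for _, sid, _, issues in audit_groupmap(listing, local_sid) if issues]


if __name__ == "__main__":
    for name, sid, unix, issues in audit_groupmap(SAMPLE, LOCAL_SID):
        print(f"{name:<18}{sid:<50}{unix:<10}{', '.join(issues) or 'ok'}")
```

The script only reports; whether a flagged entry is deleted or remapped is still a manual decision per entry.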



		

