[Samba] net groupmap / domain admins problem - Amazon prize

Andrew Judge ajudge at grovenetworks.com
Thu Jan 8 03:46:51 GMT 2004

I think that most of my problems are somewhat resolved except for this last
one.  I can not get domain admin rights to the ntadmins users.  I get the
following output for groupmaps:

[root at fire2 i386]# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Users (S-1-5-21-4130613172-3879250231-1853402206-513) -> users
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Domain Guests (S-1-5-21-1206063004-3966108128-1487570950-514) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Admins (S-1-5-21-4130613172-3879250231-1853402206-512) -> ntadmins
Domain Users (S-1-5-21-1206063004-3966108128-1487570950-513) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Domain Guests (S-1-5-21-4130613172-3879250231-1853402206-514) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

Obviously there is a problem with the domain '*' SID because there are
duplicates.  Any idea how to correct this problem and get the users logged
in with admin rights?  I have RH EN v.3 and samba 3.0.0-14.3E from RH.  I
can see the users from the samba server and the users can log in, but no
rights.  Big problem.

Now... I migrated from 2.2.3a to the above and I have all the tdb and I
changed the SID to the last PDC.  Anyway, how would I get the right SID?  I
have NTUSER.DAT files that I can run profiles against to read them.  Would
that help?

First one that can point me in the right direction to get this resolved -
I'll buy them an Amazon gift cert for $50.  Beats going bald from pulling out
my hair.

Andy Judge
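
Added example, not part of the original post: a small parser for the `net groupmap list` format quoted above that groups the entries by domain SID and reports which domain SIDs carry Unix mappings and which RIDs appear under more than one domain SID. The function names are illustrative, and the sample input is a subset of the listing in the post.

```python
import re
from collections import defaultdict

# Line format as printed in the post: "<NT group> (<SID>) -> <unix group, or -1>"
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[\d-]+)\) -> (?P<unix>.+)$")

# Subset of the listing quoted in the post above.
SAMPLE = """\
Domain Users (S-1-5-21-4130613172-3879250231-1853402206-513) -> users
Domain Guests (S-1-5-21-3168668608-3928139368-1822977481-514) -> -1
Domain Admins (S-1-5-21-3168668608-3928139368-1822977481-512) -> -1
Domain Guests (S-1-5-21-1206063004-3966108128-1487570950-514) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-4130613172-3879250231-1853402206-512) -> ntadmins
Domain Users (S-1-5-21-1206063004-3966108128-1487570950-513) -> -1
Domain Users (S-1-5-21-3168668608-3928139368-1822977481-513) -> -1
Domain Guests (S-1-5-21-4130613172-3879250231-1853402206-514) -> -1
"""

def parse_groupmap(text):
    """Return one dict per mapping line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            domain, _, rid = m["sid"].rpartition("-")
            unix = None if m["unix"] == "-1" else m["unix"]  # -1 means unmapped
            entries.append({"name": m["name"], "domain": domain,
                            "rid": int(rid), "unix": unix})
    return entries

def by_domain(entries):
    """Group S-1-5-21-* entries by domain SID; S-1-5-32 builtin aliases are skipped."""
    out = defaultdict(dict)
    for e in entries:
        if e["domain"].startswith("S-1-5-21-"):
            out[e["domain"]][e["rid"]] = e["unix"]
    return dict(out)

def mapped_domains(entries):
    """Domain SIDs that have at least one group mapped to a Unix group."""
    return sorted(d for d, rids in by_domain(entries).items() if any(rids.values()))

def duplicated_rids(entries):
    """RID -> number of distinct domain SIDs it appears under (only where > 1)."""
    counts = defaultdict(set)
    for d, rids in by_domain(entries).items():
        for rid in rids:
            counts[rid].add(d)
    return {rid: len(ds) for rid, ds in counts.items() if len(ds) > 1}

if __name__ == "__main__":
    entries = parse_groupmap(SAMPLE)
    for domain, rids in by_domain(entries).items():
        print(domain, {rid: unix or "unmapped" for rid, unix in rids.items()})
    print("duplicated RIDs:", duplicated_rids(entries))
```

The domain SID the server itself currently uses can be printed with `net getlocalsid` and compared against the groups reported here.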
