[Samba] Re: New here ... with an NT Group problem

Igor Belyi sambauser at katehok.ac93.org
Wed Sep 29 15:55:28 GMT 2004 

Torsten E. wrote:
> Torsten E. schrieb am Mittwoch, 29. September 2004 00:22:
> So, I just tried to delete those groups/SIDs, but it doesn't work ...:
> 
> pdc:/home/torsten # net groupmap list
> System Operators (S-1-5-32-549) -> ntadmin
> Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) -> ntuser
> Replicators (S-1-5-32-552) -> ntadmin
> Guests (S-1-5-32-546) -> nogroup
> NTUsers (S-1-5-21-363742550-2379833043-2840705137-1201) -> ntuser
> Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) -> -1
> Power Users (S-1-5-32-547) -> ntuser
> Print Operators (S-1-5-32-550) -> ntadmin
> Administrators (S-1-5-32-544) -> ntadmin
> Account Operators (S-1-5-32-548) -> ntadmin
> Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) -> -1
> Backup Operators (S-1-5-32-551) -> ntadmin
> Users (S-1-5-32-545) -> ntuser
> Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) -> -1
> Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) -> ntadmin
> Domain Guests (S-1-5-21-363742550-2379833043-2840705137-514) -> nogroup
> pdc:/home/torsten #
> 
> pdc:/home/torsten # net groupmap delete ntgroup="Domain Admin"
> sid=S-1-5-21-1313674548-3619494541-1192360840-512
> Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-512 from
> the mapping db
> pdc:/home/torsten # net groupmap delete
> sid=S-1-5-21-1313674548-3619494541-1192360840-513
> Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-513 from
> the mapping db
> pdc:/home/torsten # net groupmap delete
> sid=S-1-5-21-1313674548-3619494541-1192360840-514
> Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-514 from
> the mapping db
> pdc:/home/torsten #
> 
> pdc:/home/torsten # net groupmap list
> sid=S-1-5-21-1313674548-3619494541-1192360840-512
> Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) -> -1
> pdc:/home/torsten # net groupmap list
> sid=S-1-5-21-1313674548-3619494541-1192360840-513
> Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) -> -1
> pdc:/home/torsten # net groupmap list
> sid=S-1-5-21-1313674548-3619494541-1192360840-514
> Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) -> -1
> pdc:/home/torsten #
> 
> Any idea why it does not work?

Well... My guess is that S-1-5-21-1313674548-3619494541-1192360840 is 
SID of the domain you are trying to remove those mappings from. Is it 
the same SID 'net getlocalsid' retuns you? And since these are builtin 
groups they are always there - they just may have or may have not 
mappings to UNIX groups.

I suspect that your problem is that you have those other mappings from a 
wrong (old?) domain: S-1-5-21-363742550-2379833043-2840705137 and that 
those SIDs are mapped into your local UNIX groups instead of the one 
from your current domain.

So, check SID of the domain you use and then make sure that builtin 
groups from this domain are mapped to your UNIX groups.

Hope it helps,
Igor

More information about the samba mailing list