[Samba] groupmap

Craig White craigwhite at azapple.com
Sat Nov 12 14:37:58 GMT 2005 

On Sat, 2005-11-12 at 13:28 +0000, Simon Faulkner wrote:
> Why would I have some NT domains more than once?
> 
> Did I screp up my import with the Vampire?
> 
> Should I delete the unmapped ones (Gulp!)
> 
> [root at oxidepdc ~]# net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Replicator (S-1-5-32-552) -> Replicator
> Guests (S-1-5-32-546) -> Guests
> Recipe (S-1-5-21-1019967034-149178136-1846952604-1016) -> recipe
> Domain Users (S-1-5-21-1065375514-2370838480-4047619883-513) -> -1
> Domain Users (S-1-5-21-217354674-1388124147-264849902-513) -> -1
> Domain Guests (S-1-5-21-217354674-1388124147-264849902-514) -> -1
> Power Users (S-1-5-32-547) -> -1
> Domain Users (S-1-5-21-2542624836-2007811437-2422883089-513) -> -1
> Domain Admins (S-1-5-21-1065375514-2370838480-4047619883-512) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> Administrators
> Sage (S-1-5-21-1019967034-149178136-1846952604-1005) -> Sage
> Domain Admins (S-1-5-21-1019967034-149178136-1846952604-512) -> -1
> Domain Users (S-1-5-21-2196479170-443629602-2075717434-513) -> users
> Domain Guests (S-1-5-21-1019967034-149178136-1846952604-514) -> -1
> Domain Admins (S-1-5-21-2196479170-443629602-2075717434-512) -> root
> Domain Guests (S-1-5-21-1065375514-2370838480-4047619883-514) -> -1
> Domain Users (S-1-5-21-1019967034-149178136-1846952604-513) -> -1
> Domain Guests (S-1-5-21-2196479170-443629602-2075717434-514) -> nobody
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-2968525064-3424225456-755833301-513) -> -1
> Domain Admins (S-1-5-21-2968525064-3424225456-755833301-512) -> -1
> Domain Guests (S-1-5-21-2968525064-3424225456-755833301-514) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> Users
> Domain Admins (S-1-5-21-2542624836-2007811437-2422883089-512) -> -1
> Accounts Dept (S-1-5-21-2196479170-443629602-2075717434-2003) -> acctsdep
> Domain Admins (S-1-5-21-217354674-1388124147-264849902-512) -> -1
> Domain Guests (S-1-5-21-2542624836-2007811437-2422883089-514) -> -1
> Financial Services (S-1-5-21-2196479170-443629602-2075717434-2005) -> 
> finsrvcs
> Sales (S-1-5-21-1019967034-149178136-1846952604-1030) -> sales
-----
They are all different SID's 

There's only 1 of them that matters. The SID of your domain, the rest
are pretty much meaningless. It looks like you didn't follow the vampire
instructions closely enough. How about the users, what's their SID's
look like?

# net getlocalsid

# pdbedit -Lv|grep SID

# net groupmap list

The SID's should all the same...with the exception of the RID extensions
on the specific objects.

When you vampire, you must get the SID from the NT4 PDC, and then set
the samba box to the exact same SID, then vampire, then the users,
groups, machine accounts, etc. all have the same base SID

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba mailing list