[Samba] Group mapping: different SIDs
Michael Billerbeck
billerbeck at adesso.de
Thu Nov 24 21:23:49 GMT 2005
Hi,
I have the following situation concerning group mapping:
when I enter
> net getlocalsid
I get
> SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906
when I enter
> net getlocalsid DOMAIN
I get
>SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094
The group mapping shows
> net groupmap list
> Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
> [...]
> domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> ntadmin
> domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
> [...]
Does this mean that
- the pdc itself is not in the domain (because of the different sid from
the domain sid)?
- the mapping relating of the self-defined ntgroups "domadmins" and
"domusers"
would have no effect in the domain?
How can I check the domain a pdc is in? Can I do this with "net rpc
testjoin"?
Can I fix that by deleting the mappings for "domadmins" and "domusers" and
then mapping the "built-in" ntgroups "Domain Admins" and "Domain Users"
with the correct SID as an additional parameter or would that cause chaos?
Thanks in advance.
Michael
More information about the samba
mailing list