[Samba] Group mapping: different SIDs

Michael Billerbeck billerbeck at adesso.de
Thu Nov 24 21:23:49 GMT 2005


Hi,
I have the following situation concerning group mapping:

when I enter
> net getlocalsid
I get
> SID for domain PDC is: S-1-5-21-4166838278-3756557259-2095403906

when I enter
> net getlocalsid DOMAIN
I get
>SID for domain DOMAIN is: S-1-5-21-2018781741-1218799122-1862565094

The group mapping shows

> net groupmap list
> Domain Users (S-1-5-21-4166838278-3756557259-2095403906-513) -> -1
> Domain Admins (S-1-5-21-4166838278-3756557259-2095403906-512) -> -1
> [...]
> domadmins (S-1-5-21-2018781741-1218799122-1862565094-512) -> ntadmin
> domusers (S-1-5-21-2018781741-1218799122-1862565094-513) -> users
> [...]

Does this mean that
- the pdc itself is not in the domain (because of the different sid from
the domain sid)?
- the mapping relating of the self-defined ntgroups "domadmins" and
"domusers"
   would have no effect in the domain?

How can I check the domain a pdc is in? Can I do this with "net rpc
testjoin"?
Can I fix that by deleting the mappings for "domadmins" and "domusers" and
then mapping the "built-in" ntgroups "Domain Admins" and "Domain Users"
with the correct SID as an additional parameter or would that cause chaos?

Thanks in advance.

Michael



More information about the samba mailing list