[Samba] domain group mapping in 3.0.23a issues

Chris smb23 at realcomputerguy.com
Fri Aug 4 18:24:08 GMT 2006

How does one create all of the builtin groups for this release?

When using tdbsam with previous releases one would automatically get 
such groups as:

System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-1832519723-2688400599-3493754984-512) -> 
Domain Guests (S-1-5-21-1832519723-2688400599-3493754984-514) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> prtadmin
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-1832519723-2688400599-3493754984-513) -> agent
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

I can manually map groups such as:

Domain Admins (S-1-5-21-1043961623-2377510293-736199847-1001) -> domadm
Domain Guests (S-1-5-21-1043961623-2377510293-736199847-1003) -> nobody
Domain Users (S-1-5-21-1043961623-2377510293-736199847-1002) -> users
Print Operators (S-1-5-21-1043961623-2377510293-736199847-1004) -> 

But for some reason members of the domadm group are not receiving admin 
priviledges when logging on.

Is the existence "-1" groups necessary?
If so how does one create them?
If not, why might members of the domadm group (as in the second example) 
not have admin priveleges when logging onto the domain?



More information about the samba mailing list