[Samba] Samba domain groups

Craig White craigwhite at azapple.com
Thu Feb 23 14:49:59 GMT 2006 

On Thu, 2006-02-23 at 15:04 +0100, "Bjørn Fahnøe" wrote:
> When I do a 
> net groupmap list
> I get
> Domain Admins (S-1-5-21-1760016482-394088656-2614712563-512) -> root
> Domain Admins (S-1-5-21-1941513877-1053742263-1100610399-512) -> -1
> Domain Admins (S-1-5-21-57081839-3644741509-3819056003-512) -> -1
> Domain Guests (S-1-5-21-1760016482-394088656-2614712563-514) -> nogroup
> Domain Guests (S-1-5-21-1941513877-1053742263-1100610399-514) -> -1
> Domain Guests (S-1-5-21-57081839-3644741509-3819056003-514) -> -1
> Domain Users (S-1-5-21-1760016482-394088656-2614712563-513) -> users
> Domain Users (S-1-5-21-1941513877-1053742263-1100610399-513) -> -1
> Domain Users (S-1-5-21-57081839-3644741509-3819056003-513) -> -1
> 
> Why is there 3 groups of every kind?
> I have not done anything to get them.
> Can I delete the groups that is not mapped to unixgroups with Webmin?
> Or shall I let them exist and not bother about them?
----
Assuming that this is your PDC system, and this is a new install

net getlocalsid would give you the SID for your domain and the only ones
of interest are the ones that match the SID obtained from 'net
getlocalsid'

Notice the symmetry here...

[root at srv1 /]# net getlocalsid
SID for domain SRV1 is: S-1-5-21-0123456789-0123456789-0123456789


[root at srv1 /]# pdbedit -Lv |grep SID
User SID:             S-1-5-21-0123456789-0123456789-0123456789-2006
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-553
User SID:             S-1-5-21-0123456789-0123456789-0123456789-2016
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513
User SID:             S-1-5-21-0123456789-0123456789-0123456789-2008
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513
User SID:             S-1-5-21-0123456789-0123456789-0123456789-1000
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513
User SID:             S-1-5-21-0123456789-0123456789-0123456789-1001
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513
User SID:             S-1-5-21-0123456789-0123456789-0123456789-2014
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513
User SID:             S-1-5-21-0123456789-0123456789-0123456789-2018
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513
User SID:             S-1-5-21-0123456789-0123456789-0123456789-2020
Primary Group SID:    S-1-5-21-0123456789-0123456789-0123456789-513

[root at srv1 /]# net groupmap list
Domain Computers (S-1-5-21-0123456789-0123456789-0123456789-553) ->
Domain Computers
Domain Admins (S-1-5-21-0123456789-0123456789-0123456789-512) -> root
Domain Users (S-1-5-21-0123456789-0123456789-0123456789-513) ->
dom_users
Domain Guests (S-1-5-21-0123456789-0123456789-0123456789-514) -> Domain
Guests
Administrators (S-1-5-21-0123456789-0123456789-0123456789-544) ->
Administrators
Guests (S-1-5-21-0123456789-0123456789-0123456789-546) -> Guests
Power Users (S-1-5-21-0123456789-0123456789-0123456789-547) -> Power
Users
Account Operators (S-1-5-21-0123456789-0123456789-0123456789-548) ->
Account Operators
Server Operators (S-1-5-21-0123456789-0123456789-0123456789-549) ->
Server Operators
Print Operators (S-1-5-21-0123456789-0123456789-0123456789-550) -> Print
Operators
Backup Operators (S-1-5-21-0123456789-0123456789-0123456789-551) ->
Backup Operators
Replicator (S-1-5-21-0123456789-0123456789-0123456789-552) -> Replicator

Craig

More information about the samba mailing list