[Samba] Why do un-groupmap'ed Unix groups show up in Windows?

Gerald (Jerry) Carter jerry at samba.org
Mon Mar 13 04:32:00 GMT 2006

Hash: SHA1

Michael Lueck wrote:
> Typical Linux Distros add all sorts of Unix groups to users when it
> creates them, like cdrom, floppy, dialout, audio, etc...
> Logging in to the domain from Windows with an account that has such
> membership over on Linux... "ifmember.exe /list" shows all of those
> memberships. Why exactly? I would expect only the groups I did a "net
> groupmap" on would be considered by Samba. Makes me wonder the real
> results of...
> net groupmap add ntgroup=ntadmins unixgroup=ntadmins type=d
> since groups I did not map show up on Windows.

The unmapped groups are still part of the user's token.  So they
have to be reported somehow.  Same thing if you look at the ACL
on a file that has a unmapped group.  You expect to see the Unix
group name,

cheers, jerry
I live in a Reply-to-All world.               -----------------------
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list