[Samba] multiple sids

[Greg Andrews]

Hello All,

I have a small issue which , whilst right now is not too much of an issue,
will come back to haunt me unless I can sort it out.

System samba 3.05 on redhat 9
running as a pdc



It is  that in samba 3.05 I have multiple sids for "Domain Users"

ie

Domain Users ->  < S- "alotofnumbers" - 513 >  -> -1

but also have

Domain Users ->  <S- "alotofnumbers" -1601>  -> ebody


Now the "alotofnumbers"  are indentical except for the last few digits  ie
1601 and 513 and the unixgroup ebody is correct.
I also have a sneaking suspicion that the one which ends in 513 is the
"correct" one as domain admins and domain guests end in 512 and 514
respectively

I have tried

net  groupmap delete ntgroup="Domain users"

and this says it has successfully removed the Domain Users group

I then ran net groupmap cleanup

then net groupmap list.

Guess what ( rhetoric of course )

net group list still shows the two Domain Users groups.

I can however add a new group and delete it quite happily

Effectively this means that I cannot grant local admin rights to the
Domain Users group, which is something that I really need to be able to
do.

So the question is

1. How do I remove the unwanted entry/ies  ?
2. What file keeps track of these group entries in samba 3.05 and can I
edit/trash  it directly and/or start it again  ? With what reprecussions ?
3. What is likely to have caused this little hiccup ( as it has worked in
the past quite nicely)  so that I might try and avoid it in the future.

Is it something that I have done ?  Silly question really as I am the only
one who has access to it, but I would love to know what I did to could
cause such a problem. The real problem I have is that it is a "live"
system spread over 3 sites geographically separated by some distance

Any and all assistance gratefully accepted

Regards


-- 
Greg Andrews
System Manager
RGTechnologies Pty Ltd
606 Skipton Street
Ballarat 3350
613 53363603
0417 511 731
andrews at rgt.com.au