[Samba] Duplicate group mappings - which ones to delete?

Gary Dale garydale at torfree.net
Mon Feb 26 18:06:39 GMT 2007 

The ones pointing to -1 are not being used. However, there is no point 
in deleting them. They are standard Windows groups that are not mapped 
to Unix groups.

The two "parts" mappings each have a different SID. They are therefore 
not duplicates. Possibly you have two different "parts" groups in 
Windows somehow. You're going to have to track them down to find out how 
they are being used. Do you have a Unix group called "parts"? If not, 
then the ones that refer to it are wrong.

The middle group, which maps "users" to "users" looks suspicious. You 
may notice that you already have a "Users" mapping for Windows.

However, it may be that you are using pam-winbind to authenticate Unix 
systems to your domain, in which case the two different "parts" and the 
"users" may be related to that.

I'm not an expert, but I hope this helps.


Paul Smith wrote:
> I'm using Samba 3.0.21b on Debian linux using a tdbsam database as a PDC
> for domain ADADOM.  I have a problem with duplicate group mappings and
> need to delete some, however, I don't know which one is being used.  Is
> there a way I can find out which ones have no users assigned to them?
>
> Here's the sorted output of "net groupmap list".  The last three are the
> issue.  I only need one "parts" mapping and I'm pretty sure I don't need
> the "users" mapping:
>
> phoenix:~# net groupmap list
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Admins (S-1-5-21-3597458131-155160113-1223051555-512) -> ntadmin
> Domain Guests (S-1-5-21-3597458131-155160113-1223051555-514) -> nogroup
> Domain Users (S-1-5-21-3597458131-155160113-1223051555-513) -> users
> Accounting (S-1-5-21-3597458131-155160113-1223051555-132069) ->
> accounting
> Sales (S-1-5-21-3597458131-155160113-1223051555-132072) -> sales
> Human Resources (S-1-5-21-3597458131-155160113-1223051555-132077) -> hr
> IT (S-1-5-21-3597458131-155160113-1223051555-132071) -> it
> Engineering (S-1-5-21-3597458131-155160113-1223051555-132070) ->
> engineering
> parts (S-1-5-21-3597458131-155160113-1223051555-132073) -> parts
> users (S-1-5-21-3597458131-155160113-1223051555-132075) -> users
> parts (S-1-5-21-3597458131-155160113-1223051555-132074) -> parts
>
> Thanks,
> Paul
>

More information about the samba mailing list