[Samba] winbind: BUILTIN\users group gid 1001 conflict
samba at piven.org
Sat Mar 24 18:43:54 GMT 2007
Sez Christoph Peus:
> Hi everybody,
> I've joined a fileserver running samba 3.0.24 to an AD domain using
> winbind and noticed that samba maps the "users" group SID (5-1-5-32-545)
> to gid 1001 automatically. This seems to conflict with one of ~2000
> mappings I had to "inject" in winbinds winbindd_idmap.tdb by use of net
> idmap dump/restore, because the fileserver had millions of files with
> certain uid/gid ownership from a local passwd/group before I did the
> "net ads join". The gid 1001 was allocated to the group "nawi" in
> /etc/group before.
> I'm unsure now which problems could be caused by this regarding security.
> Is it possible - and usefull - to change this mapping to get a
> "BUILTIN\users" group as expected?
Have you checked the "idmap" settings in your smb.conf? In particular,
"idmap uid" and "idmap gid" specify the range of uid/gid values used to
map to SIDs.
More information about the samba