[Samba] winbind: BUILTIN\users group gid 1001 conflict

Don Piven samba at piven.org
Sat Mar 24 18:43:54 GMT 2007

Sez Christoph Peus:
> Hi everybody,
> I've joined a fileserver running samba 3.0.24 to an AD domain using 
> winbind and noticed that samba maps the "users" group SID (5-1-5-32-545) 
>  to gid 1001 automatically. This seems to conflict with one of ~2000 
> mappings I had to "inject" in winbinds winbindd_idmap.tdb by use of net 
> idmap dump/restore, because the fileserver had millions of files with 
> certain uid/gid ownership from a local passwd/group before I did the 
> "net ads join". The gid 1001 was allocated to the group "nawi" in 
> /etc/group before.
> I'm unsure now which problems could be caused by this regarding security.
> Is it possible - and usefull - to change this mapping to get a 
> "BUILTIN\users" group as expected?
> Thanks!

Have you checked the "idmap" settings in your smb.conf?  In particular, 
"idmap uid" and "idmap gid" specify the range of uid/gid values used to 
map to SIDs.

More information about the samba mailing list