[Samba] duplicate group in NET GROUPMAP LIST

Gianluca Culot gianlucaculot at dmsware.com
Wed May 2 09:58:49 GMT 2007

Hi List

I'm experiencing a strange behaviour on my samba server

the group "Domain Users" (and other builtin groups from my AD servers)
appear to have a duplicated SID

here is the output of

mail# > net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
Guests (S-1-5-32-546) -> -1
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1

and in /var/log/messages
May  2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0]
May  2 11:00:05 mail winbindd[23804]:   rid_idmap_get_id_from_sid: no
suitable range available for sid: S-1-5-32-549

which appear to be a group in BUILTIN group from AD server

the strange fact is the Domain Users appear to have a TWO sids
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)

The first appear to be correctly mapped to the local users group
the latter has no mapping (-1)

that's to me appeares really odd....

Can somebody explain me this old fact ?

My actual Samba server (with smtp, pop3, wibind, sshd, apache21) works
perefctly and every user can authenticate correctly on every service with
his/her own AD domain user and password

Any Hint?

