[Samba] duplicate group in NET GROUPMAP LIST
Gianluca Culot
gianlucaculot at dmsware.com
Wed May 2 09:58:49 GMT 2007
Hi List
I'm experiencing a strange behaviour on my samba server
the group "Domain Users" (and other builtin groups from my AD servers)
appear to have a duplicated SID
here is the output of
mail# > net groupmap list
System Operators (S-1-5-32-549) -> -1
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
Guests (S-1-5-32-546) -> -1
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
and in /var/log/messages
May 2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0]
sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
May 2 11:00:05 mail winbindd[23804]: rid_idmap_get_id_from_sid: no
suitable range available for sid: S-1-5-32-549
which appear to be a group in BUILTIN group from AD server
the strange fact is the Domain Users appear to have a TWO sids
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
The first appear to be correctly mapped to the local users group
the latter has no mapping (-1)
that's to me appeares really odd....
Can somebody explain me this old fact ?
My actual Samba server (with smtp, pop3, wibind, sshd, apache21) works
perefctly and every user can authenticate correctly on every service with
his/her own AD domain user and password
Any Hint?
PLEASE !?!
More information about the samba
mailing list