R: [Samba] duplicate group in NET GROUPMAP LIST
Rune Tønnesen
rune at tonnesen.org
Wed May 2 12:50:52 GMT 2007
Hi Gianluca
Do you have more than one password backend, e.g. both smbpasswd and tdbsam or ldapsam?
--
Rune Tønnesen
Venlig Hilsen/Best Regards
>> -----Original Message-----
>> From: samba-bounces+gianlucaculot=dmsware.com at lists.samba.org
>> [mailto:samba-bounces+gianlucaculot=dmsware.com at lists.samba.org] On behalf of John H Terpstra
>> Sent: Wednesday 2 May 2007 14.07
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] duplicate group in NET GROUPMAP LIST
>>
>>
>> On Wednesday 02 May 2007 04:58, Gianluca Culot wrote:
>> > Hi List
>> >
>> > I'm experiencing a strange behaviour on my samba server
>> >
>> > the group "Domain Users" (and other builtin groups from my AD servers)
>> > appear to have a duplicated SID
>> >
>> > here is the output of
>> >
>> > mail# > net groupmap list
>> > System Operators (S-1-5-32-549) -> -1
>> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
>> > Replicators (S-1-5-32-552) -> -1
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
>> > Guests (S-1-5-32-546) -> -1
>> > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
>> > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
>> > Power Users (S-1-5-32-547) -> -1
>> > Print Operators (S-1-5-32-550) -> -1
>> > Administrators (S-1-5-32-544) -> -1
>> > Account Operators (S-1-5-32-548) -> -1
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
>> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
>> > Backup Operators (S-1-5-32-551) -> -1
>> > Users (S-1-5-32-545) -> -1
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
>> > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
>> >
>> >
>> > and in /var/log/messages
>> >
>> > May 2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
>> > May 2 11:00:05 mail winbindd[23804]: rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-549
>> >
>> > which appear to be a group in BUILTIN group from AD server
>> >
>> > the strange fact is the Domain Users appear to have a TWO sids
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
>> > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
>> >
>> > The first appear to be correctly mapped to the local users group
>> > the latter has no mapping (-1)
>> >
>> > that's to me appears really odd....
>> >
>> > Can somebody explain me this old fact ?
>> >
>> > My actual Samba server (with smtp, pop3, winbind, sshd, apache21) works
>> > perfectly and every user can authenticate correctly on every service with
>> > his/her own AD domain user and password
>> >
>> > Any Hint?
>> > PLEASE !?!
>>
>> Execute
>> net groupmap cleanup
>>
>> then reset your mappings.
>>
>> - John T.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>
>
> Looks like
> net groupmap cleanup
> has no effect on my system
>
> here is the copy of action from my terminal
>
> mail# /home > net groupmap delete ntgroup="domain users"
> Sucessfully removed domain users from the mapping db
>
> mail# /home > net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
>
> mail# /home > net groupmap cleanup
> Group Domain Guests is not mapped
> Group Domain Users is not mapped
> Group Domain Admins is not mapped
>
> mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users" type=b
> No rid or sid specified, choosing algorithmic mapping
> Successfully added group Domain Users to the mapping db
>
> mail# /home > net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> Guests (S-1-5-32-546) -> -1
> BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> mail# /home >
>
> Maybe Domain Users is NOT to be mapped ?
> is of any use mapping Domain Users and Users ? I would say YES as I want to
> set permissions based on AD groups
>
>
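
An added example, not part of the original thread and not Samba's own code: a Python audit of `net groupmap list` output that groups entries by NT group name and marks which SIDs carry an algorithmic RID, which is how one name ends up with several SIDs in the listings above. It assumes Samba's default algorithmic group mapping (RID = 2 × gid + `algorithmic rid base` + 1, with the base left at 1000); the function names are illustrative and the sample is constructed from entries quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the `net groupmap list` output quoted in this thread.
SAMPLE = """\
Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
Administrators (S-1-5-32-544) -> -1
Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
"""

LINE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[0-9-]+)\) -> (?P<unix>\S+)$")
RID_BASE = 1000  # assumption: smb.conf "algorithmic rid base" left at its default


def parse(text):
    """Return (nt_name, sid, unix_group) tuples from `net groupmap list` output."""
    matches = (LINE.match(line.strip()) for line in text.splitlines())
    return [(m["name"], m["sid"], m["unix"]) for m in matches if m]


def algorithmic_gid(sid):
    """Gid encoded in an algorithmic group RID (rid = 2*gid + base + 1), else None."""
    rid = int(sid.rsplit("-", 1)[1])
    if sid.startswith("S-1-5-21-") and rid > RID_BASE and (rid - RID_BASE) % 2 == 1:
        return (rid - RID_BASE - 1) // 2
    return None


def audit(text):
    """Map each NT group name that has more than one SID to its entries."""
    by_name = defaultdict(list)
    for name, sid, unix in parse(text):
        by_name[name.lower()].append(
            {"sid": sid, "unix": unix, "mapped": unix != "-1",
             "algorithmic_gid": algorithmic_gid(sid)})
    return {n: e for n, e in by_name.items() if len(e) > 1}


if __name__ == "__main__":
    for name, entries in audit(SAMPLE).items():
        print(name)
        for e in entries:
            print("   ", e)
```

Entries whose `algorithmic_gid` is `None` and whose RID is 512, 513 or 514 are the well-known domain group RIDs; in the sample those are the ones shown as unmapped (`-1`).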