R: [Samba] duplicate group in NET GROUPMAP LIST
John H Terpstra
jht at samba.org
Wed May 2 12:55:54 GMT 2007
On Wednesday 02 May 2007 07:40, Gianluca Culot wrote:
> ...
> > > the strange fact is the Domain Users appear to have a TWO sids
> > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
> > >
> > > The first appear to be correctly mapped to the local users group
> > > the latter has no mapping (-1)
> > >
> > > that's to me appeares really odd....
> > >
> > > Can somebody explain me this old fact ?
> > >
> > > My actual Samba server (with smtp, pop3, wibind, sshd, apache21) works
> > > perefctly and every user can authenticate correctly on every
> >
> > service with
> >
> > > his/her own AD domain user and password
> > >
> > > Any Hint?
> > > PLEASE !?!
> >
> > Execute
> > net groupmap cleanup
> >
> > then reset your mappings.
> >
> > - John T.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
>
> Looks loke
> net groupmap cleanup
> has no effect on my system
>
> here is the copy of action from my terminal
>
> mail# /home > net groupmap delete ntgroup="domain users"
> Sucessfully removed domain users from the mapping db
>
> mail# /home > net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
>
> mail# /home > net groupmap cleanup
> Group Domain Guests is not mapped
> Group Domain Users is not mapped
> Group Domain Admins is not mapped
>
> mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users"
> type=b
> No rid or sid specified, choosing algorithmic mapping
> Successfully added group Domain Users to the mapping db
>
> mail# /home > net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> Guests (S-1-5-32-546) -> -1
> BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
> mail# /home >
>
> Maybe Domain Users is NOT to be mapped ?
> is of any use mapping Domain Users and Users ? I would say YES as I want to
> set permissions based on AD groups
What version of Samba do you have?
For now, stop Samba, remove the group_mapping,tdb file, then remap your
groups. In the long run suggest you update to the latest release.
- John T.
More information about the samba
mailing list