[Samba] understanding users mapping

fdelval at rojatex.com fdelval at rojatex.com
Fri Feb 4 02:44:14 MST 2011



Ah ok, I'm not very used to the mailing list system, excuse me.

I just made 5 unix groups, following the SIDs at the end of my post:

remote users
guests
users
Dmn admins
copy users

I went to the XP I had joined to the domain, and I went to "user and
groups management" (right click, properties over my PC -> management).
There, I see that Domain admins is automatically mapped.
And the Windows "users" group is mapped to MYDOMAIN\none automatically
as well, although I doubt if that's correct.
But the others aren't.

Are mappings automatic? Or must I link NT groups to UNIX groups manually
on each XP machine, except for the Domain admins group?

Thank you

SIDs gathered from the Samba docs:

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/groupmapping.html

Well-Known Entity           RID   Type   Essential
Domain Administrator        500   User   No
Domain Guest                501   User   No
Domain KRBTGT               502   User   No
Domain Admins               512   Group  Yes
Domain Users                513   Group  Yes
Domain Guests               514   Group  Yes
Domain Computers            515   Group  No
Domain Controllers          516   Group  No
Domain Certificate Admins   517   Group  No
Domain Schema Admins        518   Group  No
Domain Enterprise Admins    519   Group  No
Domain Policy Admins        520   Group  No
Builtin Admins              544   Alias  No
Builtin users               545   Alias  No
Builtin Guests              546   Alias  No
Builtin Power Users         547   Alias  No
Builtin Account Operators   548   Alias  No
Builtin System Operators    549   Alias  No
Builtin Print Operators     550   Alias  No
Builtin Backup Operators    551   Alias  No
Builtin Replicator          552   Alias  No
Builtin RAS Servers         553   Alias  No

> Please CC to samba list.
>
> 2011/2/4  <fdelval at rojatex.com>:
>> root has adding machines privileges because root has all powers in Linux
>> and Samba
>
> Yes, root (uid=0) has natively all rights on Samba.
>
>> Domain Admins has privileges because that group already had privileges
>> in Windows, and Samba understands that
>
> Yes, rid=512 is reserved for "Domain Admins" and "Domain Admins" has
> the rights natively.
>
>> srvadmins has rights because I granted them with the net rpc privileges.
>
> Yes.
>
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
>


-- 
Fran Del Val
Dpto de informática.
Rojatex S.L.


