[Samba] Domain member server: user access

L.P.H. van Belle belle at bazuin.nl
Tue Sep 26 11:54:22 UTC 2017

Hai Rowland, 

> No, you haven't done anything wrong and yes the provision 
> does set Domain Users to '100' in idmap.ldb.

This i did not know, only wondering why its not BUILTIN\users ( how it is in windows ). 
Do you know as of which version this is? Of as of start, i really never noticed this. 

> Do not remove Domain Users, but you are correct, there is no 
> way to modify a user or group with samba-tool (you can do 
> this for a user with 4.7.0), but you can use ldbedit.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Ok, i did read somewhere that 
Samba uses S-1-22-1 for users and S1-22-2 for groups. 

wbinfo -G 100

wbinfo -G 10000

S1-22-2-10000 Is the unix group with uid 10000
( with is also in my case "Domain Users" ) 
But how this maps again in samba, that i really dont know. 

Arg, very confusion all.. 
Well, at least we now know this by design. Pfew.. 

Thanks for all the info guys. 



More information about the samba mailing list