[Samba] Group mappings on a domain member
Rowland Penny
rpenny at samba.org
Wed Feb 23 20:14:19 UTC 2022
On Wed, 2022-02-23 at 15:21 -0400, Robert Marcano via samba wrote:
> Greetings.
>
> On a Samba based AD domain member, what is the relationship between:
>
> # net groupmap list
> Guests (S-1-5-32-546) -> 100004
> Administrators (S-1-5-32-544) -> 100003
> Users (S-1-5-32-545) -> 100001
I would be more worried that you are getting numbers back instead of
names:
rowland at devstation:~$ sudo net groupmap list
Guests (S-1-5-32-546) -> BUILTIN\guests
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users
>
> and
>
> # wbinfo --sid-to-gid=S-1-5-11
> 100002
I do not get anything back:
rowland at devstation:~$ sudo wbinfo --sid-to-gid=S-1-5-11
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-11 to gid
>
> The first one doesn't show any reference to the wbinfo mapping of
> S-1-5-11 (Authenticated Users), Should I be worried of this? why two
> different databases for group mappings, group_mapping.tdb and
> winbindd_idmap.tdb?
>
> Note: the id mapping configurations is:
>
> idmap config MYDOMAIN : range = 278000000-278999999
> idmap config MYDOMAIN : backend = rid
> idmap config * : range = 100000-200000
> idmap config * : backend = tdb
There is probably a valid reason why you use those ranges, but why ?
I wouldn't worry about any of this, unless you are having problems you
haven't mentioned.
Rowland
More information about the samba
mailing list