[Samba] Winbind Map

Rowland Penny rpenny at samba.org
Wed Mar 16 07:57:27 UTC 2022


On Tue, 2022-03-15 at 23:21 -0300, Anderson Sampaio Mello via samba
wrote:
> Hi Rowland.
> Thanks for the answer
> 
> The command I type is wbinfo --group-info name-group, example:
> wbinfo --group-info administrators
> Output:
> DOMAIN\administrators:x:3000024
> 
> But when I inform the BUILTIN before, the mapping appears, for
> example:
> wbinfo --group-info BUILTIN\\administrators
> Output:
> BUILTIN\administrators:x:3000000

I think you may have found a bug, I have never given this much thought
before, everything has just worked. But after I ran your command and
got the same results that you did, I had a look in idmap.ldb and found
this:

dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
distinguishedName: CN=S-1-5-32-544

Which I expected, but I also found this:

dn: CN=S-1-5-21-1768301897-3342589593-1064908849-544
cn: S-1-5-21-1768301897-3342589593-1064908849-544
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-544
type: ID_TYPE_BOTH
xidNumber: 3000227
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-544

So, it looks like, on a Samba DC, a RID (544) has two Unix IDs and as
far as I am aware, RIDs are unique, so the Unix IDs should also be
unique.

Rowland





More information about the samba mailing list