> -----Messaggio originale----- > Da: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > conto di John H Terpstra > Inviato: mercoledì 2 maggio 2007 14.07 > A: samba@lists.samba.org > Oggetto: Re: [Samba] duplicate group in NET GROUPMAP LIST > > > On Wednesday 02 May 2007 04:58, Gianluca Culot wrote: > > Hi List > > > > I'm experiencing a strange behaviour on my samba server > > > > the group "Domain Users" (and other builtin groups from my AD servers) > > appear to have a duplicated SID > > > > here is the output of > > > > mail# > net groupmap list > > System Operators (S-1-5-32-549) -> -1 > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1 > > Replicators (S-1-5-32-552) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users > > Guests (S-1-5-32-546) -> -1 > > BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500 > > Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) > -> nobody > > Power Users (S-1-5-32-547) -> -1 > > Print Operators (S-1-5-32-550) -> -1 > > Administrators (S-1-5-32-544) -> -1 > > Account Operators (S-1-5-32-548) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000 > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel > > Backup Operators (S-1-5-32-551) -> -1 > > Users (S-1-5-32-545) -> -1 > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1 > > Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1 > > > > > > and in /var/log/messages > > May 2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0] > > sam/idmap_rid.c:rid_idmap_get_id_from_sid(476) > > May 2 11:00:05 mail winbindd[23804]: rid_idmap_get_id_from_sid: no > > suitable range available for sid: S-1-5-32-549 > > > > which appear to be a group in BUILTIN group from AD server > > > > the strange fact is the Domain Users appear to have a TWO sids > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) > > Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) > > > > The first appear to be correctly mapped to the local users group > > the latter has no mapping (-1) > > > > that's to me appeares really odd.... > > > > Can somebody explain me this old fact ? > > > > My actual Samba server (with smtp, pop3, wibind, sshd, apache21) works > > perefctly and every user can authenticate correctly on every > service with > > his/her own AD domain user and password > > > > Any Hint? > > PLEASE !?! > > Execute > net groupmap cleanup > > then reset your mappings. > > - John T. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Looks loke net groupmap cleanup has no effect on my system here is the copy of action from my terminal mail# /home > net groupmap delete ntgroup="domain users" Sucessfully removed domain users from the mapping db mail# /home > net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500 Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000 Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1 Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1 mail# /home > net groupmap cleanup Group Domain Guests is not mapped Group Domain Users is not mapped Group Domain Admins is not mapped mail# /home > net groupmap add ntgroup="Domain Users" unixgroup="users" type=b No rid or sid specified, choosing algorithmic mapping Successfully added group Domain Users to the mapping db mail# /home > net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1 Replicators (S-1-5-32-552) -> -1 Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users Guests (S-1-5-32-546) -> -1 BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500 Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) -> nobody Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000 Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1 Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1 mail# /home > Maybe Domain Users is NOT to be mapped ? is of any use mapping Domain Users and Users ? I would say YES as I want to set permissions based on AD groups -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba