On Wednesday 02 May 2007 04:58, Gianluca Culot wrote:> Hi List
>
> I'm experiencing a strange behaviour on my samba server
>
> the group "Domain Users" (and other builtin groups from my AD
servers)
> appear to have a duplicated SID
>
> here is the output of
>
> mail# > net groupmap list
> System Operators (S-1-5-32-549) -> -1
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-514) -> -1
> Replicators (S-1-5-32-552) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801) -> users
> Guests (S-1-5-32-546) -> -1
> BUILTIN (S-1-5-21-531635747-2076120898-3807014553-2001) -> 500
> Domain Guests (S-1-5-21-531635747-2076120898-3807014553-132069) ->
nobody
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-3001) -> 1000
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-1001) -> wheel
> Backup Operators (S-1-5-32-551) -> -1
> Users (S-1-5-32-545) -> -1
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513) -> -1
> Domain Admins (S-1-5-21-531635747-2076120898-3807014553-512) -> -1
>
>
> and in /var/log/messages
> May 2 11:00:05 mail winbindd[23804]: [2007/05/02 11:00:05, 0]
> sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
> May 2 11:00:05 mail winbindd[23804]: rid_idmap_get_id_from_sid: no
> suitable range available for sid: S-1-5-32-549
>
> which appear to be a group in BUILTIN group from AD server
>
> the strange fact is the Domain Users appear to have a TWO sids
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-2801)
> Domain Users (S-1-5-21-531635747-2076120898-3807014553-513)
>
> The first appear to be correctly mapped to the local users group
> the latter has no mapping (-1)
>
> that's to me appeares really odd....
>
> Can somebody explain me this old fact ?
>
> My actual Samba server (with smtp, pop3, wibind, sshd, apache21) works
> perefctly and every user can authenticate correctly on every service with
> his/her own AD domain user and password
>
> Any Hint?
> PLEASE !?!
Execute
net groupmap cleanup
then reset your mappings.
- John T.