On Fri, 2022-05-13 at 02:14 -0300, Anderson Sampaio Mello via samba wrote:> Hello samba team. > > I have a samba configured as a member server of a samba4 domain. This > member server is version 4.15.5 > > The big problem is that the member server winbind does not generate > the > gids for some BUILTIN groups, for example: > > Account Operators > Server Operators > Backup Operators > Print OperatorsI wouldn't worry it, that doesn't work for myself on a Unix domain member, but these do: sudo wbinfo --name-to-sid="BUILTIN\Account Operators" S-1-5-32-548 SID_ALIAS (4) sudo wbinfo --name-to-sid="BUILTIN\Server Operators" S-1-5-32-549 SID_ALIAS (4) sudo wbinfo --name-to-sid="BUILTIN\Backup Operators" S-1-5-32-551 SID_ALIAS (4) sudo wbinfo --name-to-sid="BUILTIN\Print Operators" S-1-5-32-550 SID_ALIAS (4) And in reverse: sudo wbinfo --sid-to-name=S-1-5-32-548 BUILTIN\account operators 4 sudo wbinfo --sid-to-name=S-1-5-32-549 BUILTIN\server operators 4 sudo wbinfo --sid-to-name=S-1-5-32-551 BUILTIN\backup operators 4 sudo wbinfo --sid-to-name=S-1-5-32-550 BUILTIN\print operators 4 So the code knows who they are. :-) Rowland
Anderson Sampaio Mello
2022-May-20 01:31 UTC
[Samba] builtin groups are not mapped by winbind
Thanks for the reply Rowland. But actually I want to map these groups to groups builtins, that's why I reported such a problem. The suggested command generates the same output as shown but the mapping is not done for other BUILTIN user groups, only the groups "BUILTIN\Administrators", "BUILTIN\Guests", "BUILTIN\Users" are mapped automatically. I would like to know why mapping is not done for BUILTIN groups: "BUILTIN\Account Operators" "BUILTIN\Server Operators" "BUILTIN\Backup Operators" "BUILTIN\Print Operators" "BUILTIN\Replicator" As is done for "BUILTIN\Administrators", "BUILTIN\Guests", "BUILTIN\Users" ? If anything, it's that BUILTIN group mappings are created inside group_mapping.tdb and not in winbindd_idmap.tdb Em seg., 16 de mai. de 2022 ?s 05:03, Rowland Penny via samba < samba at lists.samba.org> escreveu:> On Fri, 2022-05-13 at 02:14 -0300, Anderson Sampaio Mello via samba > wrote: > > Hello samba team. > > > > I have a samba configured as a member server of a samba4 domain. This > > member server is version 4.15.5 > > > > The big problem is that the member server winbind does not generate > > the > > gids for some BUILTIN groups, for example: > > > > Account Operators > > Server Operators > > Backup Operators > > Print Operators > > I wouldn't worry it, that doesn't work for myself on a Unix domain > member, but these do: > > sudo wbinfo --name-to-sid="BUILTIN\Account Operators" > S-1-5-32-548 SID_ALIAS (4) > > sudo wbinfo --name-to-sid="BUILTIN\Server Operators" > S-1-5-32-549 SID_ALIAS (4) > > sudo wbinfo --name-to-sid="BUILTIN\Backup Operators" > S-1-5-32-551 SID_ALIAS (4) > > sudo wbinfo --name-to-sid="BUILTIN\Print Operators" > S-1-5-32-550 SID_ALIAS (4) > > And in reverse: > > sudo wbinfo --sid-to-name=S-1-5-32-548 > BUILTIN\account operators 4 > > sudo wbinfo --sid-to-name=S-1-5-32-549 > BUILTIN\server operators 4 > > sudo wbinfo --sid-to-name=S-1-5-32-551 > BUILTIN\backup operators 4 > > sudo wbinfo --sid-to-name=S-1-5-32-550 > BUILTIN\print operators 4 > > So the code knows who they are. :-) > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >