samba - May 2022 - builtin groups are not mapped by winbind

Thanks for the reply Rowland.

But actually I want to map these groups to groups builtins, that's why I
reported such a problem.

The suggested command generates the same output as shown but the mapping is
not done for other BUILTIN user groups, only the groups
"BUILTIN\Administrators", "BUILTIN\Guests",
"BUILTIN\Users" are mapped
automatically.

I would like to know why mapping is not done for BUILTIN groups:

"BUILTIN\Account Operators"
"BUILTIN\Server Operators"
"BUILTIN\Backup Operators"
"BUILTIN\Print Operators"
"BUILTIN\Replicator"

As is done for "BUILTIN\Administrators", "BUILTIN\Guests",
"BUILTIN\Users" ?

If anything, it's that BUILTIN group mappings are created inside
group_mapping.tdb and not in winbindd_idmap.tdb

Em seg., 16 de mai. de 2022 ?s 05:03, Rowland Penny via samba <
samba at lists.samba.org> escreveu:
> On Fri, 2022-05-13 at 02:14 -0300, Anderson Sampaio Mello via samba
> wrote:
> > Hello samba team.
> >
> > I have a samba configured as a member server of a samba4 domain. This
> > member server is version 4.15.5
> >
> > The big problem is that the member server winbind does not generate
> > the
> > gids for some BUILTIN groups, for example:
> >
> > Account Operators
> > Server Operators
> > Backup Operators
> > Print Operators
>
> I wouldn't worry it, that doesn't work for myself on a Unix domain
> member, but these do:
>
> sudo wbinfo --name-to-sid="BUILTIN\Account Operators"
> S-1-5-32-548 SID_ALIAS (4)
>
> sudo wbinfo --name-to-sid="BUILTIN\Server Operators"
> S-1-5-32-549 SID_ALIAS (4)
>
> sudo wbinfo --name-to-sid="BUILTIN\Backup Operators"
> S-1-5-32-551 SID_ALIAS (4)
>
> sudo wbinfo --name-to-sid="BUILTIN\Print Operators"
> S-1-5-32-550 SID_ALIAS (4)
>
> And in reverse:
>
> sudo wbinfo --sid-to-name=S-1-5-32-548
> BUILTIN\account operators 4
>
> sudo wbinfo --sid-to-name=S-1-5-32-549
> BUILTIN\server operators 4
>
> sudo wbinfo --sid-to-name=S-1-5-32-551
> BUILTIN\backup operators 4
>
> sudo wbinfo --sid-to-name=S-1-5-32-550
> BUILTIN\print operators 4
>
> So the code knows who they are. :-)
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Thu, 2022-05-19 at 22:31 -0300, Anderson Sampaio Mello via samba
wrote:
> Thanks for the reply Rowland.
> 
> But actually I want to map these groups to groups builtins, that's
> why I
> reported such a problem.
It isn't a problem, for those are WINDOWS groups and are not used on
Unix, so why do you need to map them ?
 
> 
> The suggested command generates the same output as shown but the
> mapping is
> not done for other BUILTIN user groups, only the groups
> "BUILTIN\Administrators", "BUILTIN\Guests",
"BUILTIN\Users" are
> mapped
> automatically.
> 
> I would like to know why mapping is not done for BUILTIN groups:
> 
> "BUILTIN\Account Operators"
> "BUILTIN\Server Operators"
> "BUILTIN\Backup Operators"
> "BUILTIN\Print Operators"
> "BUILTIN\Replicator"
> 
> As is done for "BUILTIN\Administrators",
"BUILTIN\Guests",
> "BUILTIN\Users" ?
> 
> If anything, it's that BUILTIN group mappings are created inside
> group_mapping.tdb and not in winbindd_idmap.tdb
Exactly, that is because they are Windows groups not normally used on
Unix.

Rowland