Good morning people around the world..
@rowland, This script isnt running anymore, can you check/verify it.
https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivile
ges.sh
Can you have a check in it also.
This smells like a bug..
All mentioned groups exists.. in the AD as Builtin\GroupNames and should how
with above script.
net rpc rights list privileges SeBackupPrivilege -UADDOM\\Administrator
-S$(hostname -f)
Enter ADDOM\Administrator's password:
Could not connect to server server.internal.hostname.tld
Connection failed: NT_STATUS_INVALID_TOKEN
If its all good. I get *( tested on a old old samba version 4.6.16.)
SeBackupPrivilege:
BUILTIN\Administrators
So, I think there is more going on here..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba Namens Rowland Penny via samba
> Verzonden: vrijdag 20 mei 2022 08:30
> Aan: samba at lists.samba.org
> CC: Rowland Penny <rpenny at samba.org>
> Onderwerp: Re: [Samba] builtin groups are not mapped by winbind
>
> On Thu, 2022-05-19 at 22:31 -0300, Anderson Sampaio Mello via samba
> wrote:
> > Thanks for the reply Rowland.
> >
> > But actually I want to map these groups to groups builtins, that's
why
> > I reported such a problem.
>
> It isn't a problem, for those are WINDOWS groups and are not used on
Unix,
> so why do you need to map them ?
>
> >
> > The suggested command generates the same output as shown but the
> > mapping is not done for other BUILTIN user groups, only the groups
> > "BUILTIN\Administrators", "BUILTIN\Guests",
"BUILTIN\Users" are
> mapped
> > automatically.
> >
> > I would like to know why mapping is not done for BUILTIN groups:
> >
> > "BUILTIN\Account Operators"
> > "BUILTIN\Server Operators"
> > "BUILTIN\Backup Operators"
> > "BUILTIN\Print Operators"
> > "BUILTIN\Replicator"
> >
> > As is done for "BUILTIN\Administrators",
"BUILTIN\Guests",
> > "BUILTIN\Users" ?
> >
> > If anything, it's that BUILTIN group mappings are created inside
> > group_mapping.tdb and not in winbindd_idmap.tdb
>
> Exactly, that is because they are Windows groups not normally used on
Unix.>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba