On Thu, 2022-05-19 at 22:31 -0300, Anderson Sampaio Mello via samba wrote:> Thanks for the reply Rowland. > > But actually I want to map these groups to groups builtins, that's > why I > reported such a problem.It isn't a problem, for those are WINDOWS groups and are not used on Unix, so why do you need to map them ?> > The suggested command generates the same output as shown but the > mapping is > not done for other BUILTIN user groups, only the groups > "BUILTIN\Administrators", "BUILTIN\Guests", "BUILTIN\Users" are > mapped > automatically. > > I would like to know why mapping is not done for BUILTIN groups: > > "BUILTIN\Account Operators" > "BUILTIN\Server Operators" > "BUILTIN\Backup Operators" > "BUILTIN\Print Operators" > "BUILTIN\Replicator" > > As is done for "BUILTIN\Administrators", "BUILTIN\Guests", > "BUILTIN\Users" ? > > If anything, it's that BUILTIN group mappings are created inside > group_mapping.tdb and not in winbindd_idmap.tdbExactly, that is because they are Windows groups not normally used on Unix. Rowland
Good morning people around the world.. @rowland, This script isnt running anymore, can you check/verify it. https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivile ges.sh Can you have a check in it also. This smells like a bug.. All mentioned groups exists.. in the AD as Builtin\GroupNames and should how with above script. net rpc rights list privileges SeBackupPrivilege -UADDOM\\Administrator -S$(hostname -f) Enter ADDOM\Administrator's password: Could not connect to server server.internal.hostname.tld Connection failed: NT_STATUS_INVALID_TOKEN If its all good. I get *( tested on a old old samba version 4.6.16.) SeBackupPrivilege: BUILTIN\Administrators So, I think there is more going on here.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba Namens Rowland Penny via samba > Verzonden: vrijdag 20 mei 2022 08:30 > Aan: samba at lists.samba.org > CC: Rowland Penny <rpenny at samba.org> > Onderwerp: Re: [Samba] builtin groups are not mapped by winbind > > On Thu, 2022-05-19 at 22:31 -0300, Anderson Sampaio Mello via samba > wrote: > > Thanks for the reply Rowland. > > > > But actually I want to map these groups to groups builtins, that's why > > I reported such a problem. > > It isn't a problem, for those are WINDOWS groups and are not used on Unix, > so why do you need to map them ? > > > > > The suggested command generates the same output as shown but the > > mapping is not done for other BUILTIN user groups, only the groups > > "BUILTIN\Administrators", "BUILTIN\Guests", "BUILTIN\Users" are > mapped > > automatically. > > > > I would like to know why mapping is not done for BUILTIN groups: > > > > "BUILTIN\Account Operators" > > "BUILTIN\Server Operators" > > "BUILTIN\Backup Operators" > > "BUILTIN\Print Operators" > > "BUILTIN\Replicator" > > > > As is done for "BUILTIN\Administrators", "BUILTIN\Guests", > > "BUILTIN\Users" ? > > > > If anything, it's that BUILTIN group mappings are created inside > > group_mapping.tdb and not in winbindd_idmap.tdb > > Exactly, that is because they are Windows groups not normally used onUnix.> > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Anderson Sampaio Mello
2022-May-20 14:01 UTC
[Samba] builtin groups are not mapped by winbind
Hello Rowland.> It isn't a problem, for those are WINDOWS groups and are not used on > Unix, so why do you need to map them ?I want to map the BUILTIN groups to use them. As for not being used on unix, then why are other BUILTIN groups like "BUILTIN\Administrators", "BUILTIN\Guests", "BUILTIN\Users" automatically mapped? Em sex., 20 de mai. de 2022 ?s 03:33, Rowland Penny via samba < samba at lists.samba.org> escreveu:> On Thu, 2022-05-19 at 22:31 -0300, Anderson Sampaio Mello via samba > wrote: > > Thanks for the reply Rowland. > > > > But actually I want to map these groups to groups builtins, that's > > why I > > reported such a problem. > > It isn't a problem, for those are WINDOWS groups and are not used on > Unix, so why do you need to map them ? > > > > > The suggested command generates the same output as shown but the > > mapping is > > not done for other BUILTIN user groups, only the groups > > "BUILTIN\Administrators", "BUILTIN\Guests", "BUILTIN\Users" are > > mapped > > automatically. > > > > I would like to know why mapping is not done for BUILTIN groups: > > > > "BUILTIN\Account Operators" > > "BUILTIN\Server Operators" > > "BUILTIN\Backup Operators" > > "BUILTIN\Print Operators" > > "BUILTIN\Replicator" > > > > As is done for "BUILTIN\Administrators", "BUILTIN\Guests", > > "BUILTIN\Users" ? > > > > If anything, it's that BUILTIN group mappings are created inside > > group_mapping.tdb and not in winbindd_idmap.tdb > > Exactly, that is because they are Windows groups not normally used on > Unix. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >