Creating a domain group mapping with Samba

Any unix group may be linked with a Windows group when using Samba.

The current Windows to unix group mappings can be shown using the command below:

# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-968653543-1690298860-1577431122-512) -> -1
Domain Guests (S-1-5-21-968653543-1690298860-1577431122-514) -> -1
Domain Users (S-1-5-21-968653543-1690298860-1577431122-513) -> -1
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

The above output shows that no unix groups are mapped to the windows groups.

A group mapping can be created with the command below:

net groupmap modify ntgroup="Domain Users" unixgroup=yourgroup

Now when you list the group mapping again you will see yourgroup in the list:

# net groupmap list
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-968653543-1690298860-1577431122-512) -> -1
Domain Guests (S-1-5-21-968653543-1690298860-1577431122-514) -> -1
Domain Users (S-1-5-21-968653543-1690298860-1577431122-513) -> yourgroup
Account Operators (S-1-5-32-548) -> -1
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1

Last updated: 30/09/2008