I have installed the Samba server (3.4.0, Ubuntu) with an ldapsam environment, and suddenly a logged-in user is automatically added to groups 10002, 10003 and 10005. This is bad, as incidentally these GIDs are used by other users (by default we have uid=gid), and so these users can see into the wrong directories etc.
Samba 3.0.33 didn't do this.
After a whole lot of debugging I found out that this corresponds to:
sid S-1-1-0 -> gid 10002
sid S-1-5-2 -> gid 10003
These probably correspond to: "Everyone" and "Network rids" (???)
And I cannot find the SID value for 10005, could probably find it with gdb...
Is there a way to at least remap these values to something harmless? The best way would be to not let the user have these groups at all.
After several hours of trying to find it, I found a solution. Although I am using the LDAP backend, the idmap is still there for some 'samba' groups. When you first start Samba, it takes the idmap gid range and starts adding its own groups.
There are 2 ways to fix it: