[Samba] Problem with 'net rpc group delmem' command
Bob Hope
savagephp at gmail.com
Sat Mar 18 13:43:37 GMT 2006
Hello everyone,
I've been setting up Samba as a PDC with good success so far. I've
run into one problem though, and that's removing users from groups using
the 'net' utility. I seem to be able to add users to groups just fine
using something similar to the following:
net rpc group addmem "Domain Admins" bob
If I then type:
net rpc group members "Domain Admins"
it lists the user I just added bob. But if I then try to remove the user
with the following command:
net rpc group delmem "Domain Admins" bob
I get NT_STATUS_ACCESS_DENIED. Debug level 5 output is pasted below. Any
help would be greatly appreciated.
Thank you.
-------------------------------------------------------------------------------
root at nightwolf:~# net rpc group delmem "Domain Admins" -d 4 tjp
[2006/03/17 19:13:47, 3] param/loadparm.c:lp_load(4202)
lp_load: refreshing parameters
[2006/03/17 19:13:47, 3] param/loadparm.c:init_globals(1385)
Initialising global parameters
[2006/03/17 19:13:47, 3] param/params.c:pm_process(574)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2006/03/17 19:13:47, 3] param/loadparm.c:do_section(3657)
Processing section "[global]"
doing parameter workgroup = SAVAGEPHP
doing parameter netbios name = nightwolf
[2006/03/17 19:13:47, 4] param/loadparm.c:handle_netbios_name(2997)
handle_netbios_name: set global_myname to: NIGHTWOLF
doing parameter passdb backend = tdbsam
doing parameter enable privileges = Yes
doing parameter pam password change = Yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *New*Password* %n\n
*Re-enter*new*password*%n\n *Password*changed*
doing parameter username map = /etc/samba/smbusers
doing parameter log level = 1
doing parameter syslog = 0
doing parameter log file = /var/log/samba/%m
doing parameter max log size = 50
doing parameter smb ports = 139 445
doing parameter name resolve order = wins bcast hosts
doing parameter printcap name = CUPS
doing parameter show add printer wizard = No
doing parameter add user script = /usr/sbin/useradd -m '%u'
doing parameter delete user script = /usr/sbin/userdel -r '%u'
doing parameter add group script = /usr/sbin/groupadd '%g'
doing parameter delete group script = /usr/sbin/groupdel '%g'
doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
doing parameter add machine script = /usr/sbin/useradd -s /bin/false
-d /tmp '%u'
doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh
doing parameter abort shutdown script = /sbin/shutdown -c
doing parameter logon script = scripts\logon.bat
doing parameter logon path = \\%L\profiles\%U
doing parameter logon drive = H:
doing parameter logon home = \\%L\%U
doing parameter domain logons = Yes
doing parameter preferred master = Yes
doing parameter domain master = Yes
doing parameter wins support = Yes
doing parameter utmp = Yes
doing parameter map acl inherit = Yes
doing parameter veto files = /*.eml/*.nws/*.{*}/
doing parameter veto oplock files = /*.doc/*.xls/*.mdb/
[2006/03/17 19:13:47, 4] param/loadparm.c:lp_load(4233)
pm_process() returned Yes
[2006/03/17 19:13:47, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.1.3 bcast=192.168.1.255 nmask=255.255.255.0
Password:
[2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_start_connection(1389)
Connecting to host=127.0.0.1
[2006/03/17 19:13:50, 3] lib/util_sock.c:open_socket_out(870)
Connecting to 127.0.0.1 at port 445
[2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710)
Doing spnego session setup (blob length=16)
[2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(714)
server didn't supply a full spnego negprot
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(917)
Got challenge flags:
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60890235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_CHAL_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(939)
NTLMSSP: Set final flags:
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/03/17 19:13:50, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
NTLMSSP Sign/Seal - Initialising with flags:
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74d9 bind
request returned ok.
[2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 127.0.0.1 pipe \samr fnum 0x74da bind
request returned ok.
[2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74db bind
request returned ok.
Could not del tjp from Domain Admins: NT_STATUS_ACCESS_DENIED
[2006/03/17 19:13:50, 1] utils/net_rpc.c:run_rpc_command(169)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/03/17 19:13:50, 2] utils/net.c:main(878)
return code = 1
root at nightwolf:~#
More information about the samba
mailing list