[Samba] Re: Problem with 'net rpc group delmem' command

Bob Hope savagephp at gmail.com
Sat Mar 18 15:32:44 GMT 2006 

I apologize, in the midst of all that debug info I provided I didn't
give any info about my system.

Running Slackware 10.1 on x86
Samba 3.0.21b

I think that's all that's needed.

Thanks.

Bob Hope wrote:
>  Hello everyone,
>
>     I've been setting up Samba as a PDC with good success so far. I've
> run into one problem though, and that's removing users from groups using
> the 'net' utility. I seem to be able to add users to groups just fine
> using something similar to the following:
>
> net rpc group addmem "Domain Admins" bob
>
> If I then type:
>
> net rpc group members "Domain Admins"
>
> it lists the user I just added bob. But if I then try to remove the user
> with the following command:
>
> net rpc group delmem "Domain Admins" bob
>
> I get NT_STATUS_ACCESS_DENIED. Debug level 5 output is pasted below. Any
> help would be greatly appreciated.
>
> Thank you.
>
> -------------------------------------------------------------------------------
> root at nightwolf:~# net rpc group delmem "Domain Admins" -d 4 tjp
> [2006/03/17 19:13:47, 3] param/loadparm.c:lp_load(4202)
>   lp_load: refreshing parameters
> [2006/03/17 19:13:47, 3] param/loadparm.c:init_globals(1385)
>   Initialising global parameters
> [2006/03/17 19:13:47, 3] param/params.c:pm_process(574)
>   params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2006/03/17 19:13:47, 3] param/loadparm.c:do_section(3657)
>   Processing section "[global]"
>   doing parameter workgroup = SAVAGEPHP
>   doing parameter netbios name = nightwolf
> [2006/03/17 19:13:47, 4] param/loadparm.c:handle_netbios_name(2997)
>   handle_netbios_name: set global_myname to: NIGHTWOLF
>   doing parameter passdb backend = tdbsam
>   doing parameter enable privileges = Yes
>   doing parameter pam password change = Yes
>   doing parameter passwd program = /usr/bin/passwd %u
>   doing parameter passwd chat = *New*Password* %n\n
> *Re-enter*new*password*%n\n *Password*changed*
>   doing parameter username map = /etc/samba/smbusers
>   doing parameter log level = 1
>   doing parameter syslog = 0
>   doing parameter log file = /var/log/samba/%m
>   doing parameter max log size = 50
>   doing parameter smb ports = 139 445
>   doing parameter name resolve order = wins bcast hosts
>   doing parameter printcap name = CUPS
>   doing parameter show add printer wizard = No
>   doing parameter add user script = /usr/sbin/useradd -m '%u'
>   doing parameter delete user script = /usr/sbin/userdel -r '%u'
>   doing parameter add group script = /usr/sbin/groupadd '%g'
>   doing parameter delete group script = /usr/sbin/groupdel '%g'
>   doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
>   doing parameter add machine script = /usr/sbin/useradd -s /bin/false
> -d /tmp '%u'
>   doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh
>   doing parameter abort shutdown script = /sbin/shutdown -c
>   doing parameter logon script = scripts\logon.bat
>   doing parameter logon path = \\%L\profiles\%U
>   doing parameter logon drive = H:
>   doing parameter logon home = \\%L\%U
>   doing parameter domain logons = Yes
>   doing parameter preferred master = Yes
>   doing parameter domain master = Yes
>   doing parameter wins support = Yes
>   doing parameter utmp = Yes
>   doing parameter map acl inherit = Yes
>   doing parameter veto files = /*.eml/*.nws/*.{*}/
>   doing parameter veto oplock files = /*.doc/*.xls/*.mdb/
> [2006/03/17 19:13:47, 4] param/loadparm.c:lp_load(4233)
>   pm_process() returned Yes
> [2006/03/17 19:13:47, 2] lib/interface.c:add_interface(81)
>   added interface ip=192.168.1.3 bcast=192.168.1.255 nmask=255.255.255.0
> Password:
> [2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_start_connection(1389)
>   Connecting to host=127.0.0.1
> [2006/03/17 19:13:50, 3] lib/util_sock.c:open_socket_out(870)
>   Connecting to 127.0.0.1 at port 445
> [2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710)
>   Doing spnego session setup (blob length=16)
> [2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(714)
>   server didn't supply a full spnego negprot
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(917)
>   Got challenge flags:
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>   Got NTLMSSP neg_flags=0x60890235
>     NTLMSSP_NEGOTIATE_UNICODE
>     NTLMSSP_REQUEST_TARGET
>     NTLMSSP_NEGOTIATE_SIGN
>     NTLMSSP_NEGOTIATE_SEAL
>     NTLMSSP_NEGOTIATE_NTLM
>     NTLMSSP_NEGOTIATE_NTLM2
>     NTLMSSP_CHAL_TARGET_INFO
>     NTLMSSP_NEGOTIATE_128
>     NTLMSSP_NEGOTIATE_KEY_EXCH
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(939)
>   NTLMSSP: Set final flags:
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>   Got NTLMSSP neg_flags=0x60080215
>     NTLMSSP_NEGOTIATE_UNICODE
>     NTLMSSP_REQUEST_TARGET
>     NTLMSSP_NEGOTIATE_SIGN
>     NTLMSSP_NEGOTIATE_NTLM
>     NTLMSSP_NEGOTIATE_NTLM2
>     NTLMSSP_NEGOTIATE_128
>     NTLMSSP_NEGOTIATE_KEY_EXCH
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
>   NTLMSSP Sign/Seal - Initialising with flags:
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
>   Got NTLMSSP neg_flags=0x60080215
>     NTLMSSP_NEGOTIATE_UNICODE
>     NTLMSSP_REQUEST_TARGET
>     NTLMSSP_NEGOTIATE_SIGN
>     NTLMSSP_NEGOTIATE_NTLM
>     NTLMSSP_NEGOTIATE_NTLM2
>     NTLMSSP_NEGOTIATE_128
>     NTLMSSP_NEGOTIATE_KEY_EXCH
> [2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74d9 bind
> request returned ok.
> [2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine 127.0.0.1 pipe \samr fnum 0x74da bind
> request returned ok.
> [2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
>   rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74db bind
> request returned ok.
> Could not del tjp from Domain Admins: NT_STATUS_ACCESS_DENIED
> [2006/03/17 19:13:50, 1] utils/net_rpc.c:run_rpc_command(169)
>   rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> [2006/03/17 19:13:50, 2] utils/net.c:main(878)
>   return code = 1
> root at nightwolf:~#
>
>

More information about the samba mailing list