[Samba] Re: Problem with 'net rpc group delmem' command
Bob Hope
savagephp at gmail.com
Sat Mar 18 15:32:44 GMT 2006
I apologize, in the midst of all that debug info I provided I didn't
give any info about my system.
Running Slackware 10.1 on x86
Samba 3.0.21b
I think that's all that's needed.
Thanks.
Bob Hope wrote:
> Hello everyone,
>
> I've been setting up Samba as a PDC with good success so far. I've
> run into one problem though, and that's removing users from groups using
> the 'net' utility. I seem to be able to add users to groups just fine
> using something similar to the following:
>
> net rpc group addmem "Domain Admins" bob
>
> If I then type:
>
> net rpc group members "Domain Admins"
>
> it lists the user I just added bob. But if I then try to remove the user
> with the following command:
>
> net rpc group delmem "Domain Admins" bob
>
> I get NT_STATUS_ACCESS_DENIED. Debug level 5 output is pasted below. Any
> help would be greatly appreciated.
>
> Thank you.
>
> -------------------------------------------------------------------------------
> root at nightwolf:~# net rpc group delmem "Domain Admins" -d 4 tjp
> [2006/03/17 19:13:47, 3] param/loadparm.c:lp_load(4202)
> lp_load: refreshing parameters
> [2006/03/17 19:13:47, 3] param/loadparm.c:init_globals(1385)
> Initialising global parameters
> [2006/03/17 19:13:47, 3] param/params.c:pm_process(574)
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2006/03/17 19:13:47, 3] param/loadparm.c:do_section(3657)
> Processing section "[global]"
> doing parameter workgroup = SAVAGEPHP
> doing parameter netbios name = nightwolf
> [2006/03/17 19:13:47, 4] param/loadparm.c:handle_netbios_name(2997)
> handle_netbios_name: set global_myname to: NIGHTWOLF
> doing parameter passdb backend = tdbsam
> doing parameter enable privileges = Yes
> doing parameter pam password change = Yes
> doing parameter passwd program = /usr/bin/passwd %u
> doing parameter passwd chat = *New*Password* %n\n
> *Re-enter*new*password*%n\n *Password*changed*
> doing parameter username map = /etc/samba/smbusers
> doing parameter log level = 1
> doing parameter syslog = 0
> doing parameter log file = /var/log/samba/%m
> doing parameter max log size = 50
> doing parameter smb ports = 139 445
> doing parameter name resolve order = wins bcast hosts
> doing parameter printcap name = CUPS
> doing parameter show add printer wizard = No
> doing parameter add user script = /usr/sbin/useradd -m '%u'
> doing parameter delete user script = /usr/sbin/userdel -r '%u'
> doing parameter add group script = /usr/sbin/groupadd '%g'
> doing parameter delete group script = /usr/sbin/groupdel '%g'
> doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
> doing parameter add machine script = /usr/sbin/useradd -s /bin/false
> -d /tmp '%u'
> doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh
> doing parameter abort shutdown script = /sbin/shutdown -c
> doing parameter logon script = scripts\logon.bat
> doing parameter logon path = \\%L\profiles\%U
> doing parameter logon drive = H:
> doing parameter logon home = \\%L\%U
> doing parameter domain logons = Yes
> doing parameter preferred master = Yes
> doing parameter domain master = Yes
> doing parameter wins support = Yes
> doing parameter utmp = Yes
> doing parameter map acl inherit = Yes
> doing parameter veto files = /*.eml/*.nws/*.{*}/
> doing parameter veto oplock files = /*.doc/*.xls/*.mdb/
> [2006/03/17 19:13:47, 4] param/loadparm.c:lp_load(4233)
> pm_process() returned Yes
> [2006/03/17 19:13:47, 2] lib/interface.c:add_interface(81)
> added interface ip=192.168.1.3 bcast=192.168.1.255 nmask=255.255.255.0
> Password:
> [2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_start_connection(1389)
> Connecting to host=127.0.0.1
> [2006/03/17 19:13:50, 3] lib/util_sock.c:open_socket_out(870)
> Connecting to 127.0.0.1 at port 445
> [2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710)
> Doing spnego session setup (blob length=16)
> [2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(714)
> server didn't supply a full spnego negprot
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(917)
> Got challenge flags:
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> Got NTLMSSP neg_flags=0x60890235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_CHAL_TARGET_INFO
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(939)
> NTLMSSP: Set final flags:
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
> NTLMSSP Sign/Seal - Initialising with flags:
> [2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
> Got NTLMSSP neg_flags=0x60080215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> [2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74d9 bind
> request returned ok.
> [2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> rpc_pipe_bind: Remote machine 127.0.0.1 pipe \samr fnum 0x74da bind
> request returned ok.
> [2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
> rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74db bind
> request returned ok.
> Could not del tjp from Domain Admins: NT_STATUS_ACCESS_DENIED
> [2006/03/17 19:13:50, 1] utils/net_rpc.c:run_rpc_command(169)
> rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> [2006/03/17 19:13:50, 2] utils/net.c:main(878)
> return code = 1
> root at nightwolf:~#
>
>
More information about the samba
mailing list