TNG: local/domain membership problem

Elrond elrond at
Fri Jul 14 17:03:21 GMT 2000

The questionis, how this application checks, wether you're
in the group or not.

It has two methods for doing so:

a) Check the group directly, wether the user is listed or
b) check the credentials of the currently logged in user,
   wether it contains the local group.

You can test, if your credentials contain the local group
with two methods:

1. secedit.exe, comes with ntreskit.
   It shows you your complete credentailset
2. Create some local directory, and only give the local
   group permissions in it, then check, wether you realy
   can use those permissions.

I currently would guess, that the application is broken and
uses method a) from above.


On Fri, Jul 14, 2000 at 05:25:15PM +1000, Matthew Flanagan wrote:
> Hi,
> I'm am running Samba TNG 2.5 GOOD on Linux 2.2.14 and I'm having a
> problem with verifying that a domain user is a member of a local group.
> Here is how it is set up:
> PDC - PC running Linux 2.2.14 + Samba TNG 2.5 GOOD, PDC for domain
> NT1 - PC running NT4 SP5, member of DOMAIN.
> NT1\LOCALUSERS - A group local to host NT1 with only member
> 'DOMAIN\Domain Users'.
> DOMAIN\USER1 is a member of 'DOMAIN\Domain Users'.
> USER1 can login to NT1 with out any obvious problems, the user profile
> is fetched and home dir is mounted.
> Now when an application running on NT1 attempts to verify if USER1 is a
> member of LOCALUSERS it fails.
> If I then make USER1 and direct member of LOCALUSERS and rerun the
> application it succeeds.
> Has anyone come across this problem before in Samba or can anyone verify
> it?
> Which logs should I be perusing to determine where the problem is
> occurring?
> regards
> matthew
> -- 
> Matthew Flanagan                     Phone: 02 9900 2104
> matthew.flanagan at      Mobile: 0414 642 557
> EnStor Pty Ltd                         Fax: 02 9900 2199

More information about the samba-ntdom mailing list