TNG: local/domain membership problem
Elrond
elrond at samba.org
Fri Jul 14 17:03:21 GMT 2000
The questionis, how this application checks, wether you're
in the group or not.
It has two methods for doing so:
a) Check the group directly, wether the user is listed or
not.
b) check the credentials of the currently logged in user,
wether it contains the local group.
You can test, if your credentials contain the local group
with two methods:
1. secedit.exe, comes with ntreskit.
It shows you your complete credentailset
2. Create some local directory, and only give the local
group permissions in it, then check, wether you realy
can use those permissions.
I currently would guess, that the application is broken and
uses method a) from above.
Elrond
On Fri, Jul 14, 2000 at 05:25:15PM +1000, Matthew Flanagan wrote:
> Hi,
>
> I'm am running Samba TNG 2.5 GOOD on Linux 2.2.14 and I'm having a
> problem with verifying that a domain user is a member of a local group.
> Here is how it is set up:
>
> PDC - PC running Linux 2.2.14 + Samba TNG 2.5 GOOD, PDC for domain
> 'DOMAIN'.
> NT1 - PC running NT4 SP5, member of DOMAIN.
>
> NT1\LOCALUSERS - A group local to host NT1 with only member
> 'DOMAIN\Domain Users'.
>
> DOMAIN\USER1 is a member of 'DOMAIN\Domain Users'.
>
> USER1 can login to NT1 with out any obvious problems, the user profile
> is fetched and home dir is mounted.
>
> Now when an application running on NT1 attempts to verify if USER1 is a
> member of LOCALUSERS it fails.
> If I then make USER1 and direct member of LOCALUSERS and rerun the
> application it succeeds.
>
> Has anyone come across this problem before in Samba or can anyone verify
> it?
>
> Which logs should I be perusing to determine where the problem is
> occurring?
>
> regards
>
> matthew
>
> --
> Matthew Flanagan Phone: 02 9900 2104
> matthew.flanagan at enstor.com.au Mobile: 0414 642 557
> EnStor Pty Ltd Fax: 02 9900 2199
More information about the samba-ntdom
mailing list