Patch for Smbldap-tools and problems on Samba3.0 a20
j.lu at tiesse.com
Mon Nov 4 09:54:01 GMT 2002
During our test on the the migration from the AS/U (Advanced Server for
based domain to a Samba-ldap based domain, we have found and fixed some bugs
on the smbldap tools of Idealx. In attachment you would find the improved
package. The main changes are:
- smbldap-migrate-accounts.pl : the user's rid was added.
- smbldap-useradd.pl : improved the PrimaryGroupID setting, added the
option for trusting domain add.
- smbldap-usermod.pl : fixed the bug on acctFlags setting.
- smbldap-groupdel.pl : fixed the problem for group names that included
- smbldap_tools.pm : for all listed above.
We are using Samba 3.0 Alpha20 on a RedHat 7.3 system to test our migration
and we found that the Samba has some problems to enumerate the domain
Following were what happened during our test:
We logged onto the domain, where the PDC was Samba 3.0 Alpha20, from a NT
machine with a normal user "samba20", then we connected to a share directory
of the PDC using "net use...". After that, we used the windows explorer to
access that share directory and tried to view the members of a domain group
"Gruppo" from the security permissions of a directory or a file following
step: Proprieties -> Security -> Permissions -> Add -> On the group
-> Members, we got the "Access is denied".
The user "Samba20" is the member of "Domain Users" group that was mapped
also to the unix group. From the debug logs we have seen that the function
"se_access_check" that was called from the "_samr_open_group" failed due to
the mismatch between the access_desired and access_requested, but I think
the user has the right to show the groups members.
j.lu at tiesse.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 11730 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021104/5b4928aa/smbldap.bin
More information about the samba-technical