Patch for Smbldap-tools and problems on Samba3.0 a20

Lu Jianliang j.lu at tiesse.com
Mon Nov 4 09:54:01 GMT 2002 

Hi,
During our test on the the migration from the AS/U (Advanced Server for
Unix)
based domain to a Samba-ldap based domain, we have found and fixed some bugs
on the smbldap tools of Idealx. In attachment you would find the improved
tools
package. The main changes are:
-	smbldap-migrate-accounts.pl  :  the user's rid was added.
-	smbldap-useradd.pl : improved the PrimaryGroupID setting, added the
			     option for trusting domain add.
-	smbldap-usermod.pl : fixed the bug on acctFlags setting.
-	smbldap-groupdel.pl : fixed the problem for group names that included
	the blank.
-	smbldap_tools.pm : for all listed above.

We are using Samba 3.0 Alpha20 on a RedHat 7.3 system to test our migration
and we found that  the Samba  has some problems to enumerate the domain
group’s
members.
Following were what happened during our test:
We logged onto the domain, where the PDC was Samba 3.0 Alpha20, from a NT
machine with a normal user "samba20", then we connected to a share directory
of the PDC using "net use...". After that, we used the windows explorer to
access that share directory and tried to view the members of a domain group
"Gruppo" from the security permissions of a directory or a file following
the
step: Proprieties -> Security ->  Permissions -> Add -> On the group
"Gruppo"
-> Members, we got the "Access is denied".
The user "Samba20" is the member of  "Domain Users" group that was mapped
also to the unix group. From the debug logs we have seen that the function
"se_access_check" that was called from the "_samr_open_group" failed due to
the mismatch between the access_desired and access_requested, but I think
that
the user has the right to show the group’s members.

Jianliang Lu
TieSse s.p.a.
j.lu at tiesse.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smbldap.tgz
Type: application/x-compressed
Size: 11730 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021104/5b4928aa/smbldap.bin

More information about the samba-technical mailing list