Patch for Smbldap-tools and problems on Samba3.0 a20

luj@libero.it luj at libero.it
Wed Oct 23 11:49:01 GMT 2002


Hi,
During our test on the the migration from the AS/U /Advanced Server for 
Unix) based domain to a Samba-ldap based domain, we have found and 
fixed some bugs on the smbldap tools of Idealx. In attachment you would 
find the improved tools package. The main changes are:
-	smbldap-migrate-accounts.pl  :  the user “rid” was added
-	smbldap-useradd.pl : improved the PrimaryGroupID setting, added 
the option for “trusting domain” add
-	smbldap-usermod.pl : fixed the bug on acctFlags setting
-	smbldap-groupdel.pl : fixed the problem for group names that 
included  the blank
-	smbldap_tools.pm : for all listed above

We are using Samba 3.0 Alpha20 on a RedHat 7.3 system to test our 
migration and we found that  the Samba  has some problems to enumerate 
the domain group’s members. 
Following were what happened during our test:
We logged onto the domain, where the PDC was Samba 3.0 Alpha20, from a 
NT machine with a normal user "samba20", then we connected to a share 
directory of the PDC using "net use...". After that, we used the 
windows explorer to access that share directory and tried to view the 
members of a domain group "Gruppo" from the security permissions of a 
directory or a file following the step: Proprieties -> Security ->  
Permissions -> Add -> On the group "Gruppo" -> Members, we got 
the "Access is denied".
The user "Samba20" is the member of  "Domain Users" group that was 
mapped also to the unix group. From the debug logs we have seen that 
the function "se_access_check" that was called from 
the "_samr_open_group" failed due to the mismatch between the 
access_desired and access_requested, but I think that the user has the 
right to show the group’s members.  
In attchment you would find the debug logs.


Jianliang Lu
E-mail: luj at libero.it
Phone: 0125 757061
Mobile: 0333 2839559
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smbldap-tools-0.7-2.i386.rpm
Type: application/octet-stream
Size: 40151 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20021023/5325ea7f/smbldap-tools-0.7-2.i386.obj


More information about the samba-technical mailing list