Patch rpc samr "RemoveMemeberForeignDomain" on pre3

Gerald (Jerry) Carter jerry at
Tue Dec 2 01:02:07 GMT 2003

Hash: SHA1

Gerald (Jerry) Carter wrote:
> Gerald (Jerry) Carter wrote:
>> I'll agree that we might be wrong here but I don't see the point of
>> "RemoveMemeberForeignDomain" duplicated the samr_del_aliasmem() call.
>> I think we need some more research here to see what we should do.
>> We have a policy handle for the domain and are given a user SID.
>> Would you mind sending me the traces you have? Thanks.
> btw...I take this back.  I found some logs and you're definitely
> right about the existing code.  I'm still not convinced about the 
> del_aliasmem but stranger things have been done in Redmond.

What I see in my log file is RemoveMemeberForeignDomain()
comes in with a handle to the BUILTIN domain (S-1-5-32)
and sends the SID for a domain group (S-1-5-21-X-Y-Z-1211).

So this definitely wouldn't be a del_aliasmem() call.
I think the call should remove the specified SID from all
groups in the domain (defined by the handle).  At least that's what
User Manager does.  I don't have a trace to confirm that there are 
individual delete user from group calls, but this is the only use that 
makes sense.  I'll code it up and check it in tonight hopefully.

- --
  Hewlett-Packard            -------------------------
  SAMBA Team                 ----------------------
  GnuPG Key                  ----
  "If we're adding to the noise, turn off this song" --Switchfoot (2003)
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list