Patch rpc samr "RemoveMemeberForeignDomain" on pre3

Jianliang Lu at
Wed Dec 3 09:05:03 GMT 2003

> Hash: SHA1
> Gerald (Jerry) Carter wrote:
> > Gerald (Jerry) Carter wrote:
> > 
> >> I'll agree that we might be wrong here but I don't see the point of
> >> "RemoveMemeberForeignDomain" duplicated the samr_del_aliasmem() call.
> >> I think we need some more research here to see what we should do.
> >>
> >> We have a policy handle for the domain and are given a user SID.
> >> Would you mind sending me the traces you have? Thanks.
> > 
> > 
> > 
> > btw...I take this back.  I found some logs and you're definitely
> > right about the existing code.  I'm still not convinced about the 
> > del_aliasmem but stranger things have been done in Redmond.
> What I see in my log file is RemoveMemeberForeignDomain()
> comes in with a handle to the BUILTIN domain (S-1-5-32)
> and sends the SID for a domain group (S-1-5-21-X-Y-Z-1211).
> So this definitely wouldn't be a del_aliasmem() call.
> I think the call should remove the specified SID from all
> groups in the domain (defined by the handle).  At least that's what
> User Manager does.  I don't have a trace to confirm that there are 
> individual delete user from group calls, but this is the only use that 
> makes sense.  I'll code it up and check it in tonight hopefully.

I think that we should remove the SID from all "local groups", the 
later "delete user" call will remove the user account and the SID from all 
So, the "delete user script" has no sense? With the LDAP backend we can 
manage the user accounts without the extra scripts in smb.conf (add user, add 
machine, delete... etc.), now is ok for delete, but just adding a little 
patch we can also "add" without scripts. I think that this is a simple and 
correct way to manage user accounts with usrmgr (via rpc samr).

Jianliang Lu

TieSse s.p.a.     Ivrea (To) - Italy at   luj at

More information about the samba-technical mailing list