Patch rpc samr "RemoveMemeberForeignDomain" on pre3
j.lu at tiesse.com
Wed Dec 3 09:05:03 GMT 2003
> Gerald (Jerry) Carter wrote:
> > Gerald (Jerry) Carter wrote:
> >> I'll agree that we might be wrong here but I don't see the point of
> >> "RemoveMemeberForeignDomain" duplicated the samr_del_aliasmem() call.
> >> I think we need some more research here to see what we should do.
> >> We have a policy handle for the domain and are given a user SID.
> >> Would you mind sending me the traces you have? Thanks.
> > btw...I take this back. I found some logs and you're definitely
> > right about the existing code. I'm still not convinced about the
> > del_aliasmem but stranger things have been done in Redmond.
> What I see in my log file is RemoveMemeberForeignDomain()
> comes in with a handle to the BUILTIN domain (S-1-5-32)
> and sends the SID for a domain group (S-1-5-21-X-Y-Z-1211).
> So this definitely wouldn't be a del_aliasmem() call.
> I think the call should remove the specified SID from all
> groups in the domain (defined by the handle). At least that's what
> User Manager does. I don't have a trace to confirm that there are
> individual delete user from group calls, but this is the only use that
> makes sense. I'll code it up and check it in tonight hopefully.
I think that we should remove the SID from all "local groups"; the
later "delete user" call will remove the user account and the SID from all
So, the "delete user script" makes no sense? With the LDAP backend we can
manage the user accounts without the extra scripts in smb.conf (add user, add
machine, delete... etc.). Now it is OK for delete, but by just adding a little
patch we can also "add" without scripts. I think that this is a simple and
correct way to manage user accounts with usrmgr (via rpc samr).
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
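
Added example (not part of the original message and not Samba code): a toy in-memory model of the semantics proposed in the thread, where the call removes one SID from every alias that lives in the domain named by the handle. The function names, the alias table and the numeric stand-in for S-1-5-21-X-Y-Z are assumptions made for illustration.

```python
# Toy model of the behaviour discussed in the thread; not Samba's implementation.
# All membership data below is constructed sample data.

def parse_sid(text):
    """Split 'S-1-5-32-544' into (revision, authority, (subauthorities...))."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID: {text!r}")
    rev, auth, *subs = (int(p) for p in parts[1:])
    return rev, auth, tuple(subs)


def in_domain(sid, domain_sid):
    """True when sid is domain_sid plus exactly one trailing RID."""
    rev, auth, subs = parse_sid(sid)
    drev, dauth, dsubs = parse_sid(domain_sid)
    return ((rev, auth) == (drev, dauth)
            and len(subs) == len(dsubs) + 1
            and subs[:-1] == dsubs)


def remove_member_foreign_domain(domain_sid, aliases, member_sid):
    """Remove member_sid from every alias inside domain_sid.

    aliases maps alias SID -> set of member SIDs and is mutated in place.
    Returns the sorted list of alias SIDs whose membership changed.
    """
    parse_sid(member_sid)  # reject malformed input before touching anything
    changed = []
    for alias_sid, members in aliases.items():
        if in_domain(alias_sid, domain_sid) and member_sid in members:
            members.discard(member_sid)
            changed.append(alias_sid)
    return sorted(changed)


BUILTIN = "S-1-5-32"
GROUP = "S-1-5-21-1111-2222-3333-1211"  # constructed stand-in for S-1-5-21-X-Y-Z-1211
ALIASES = {
    "S-1-5-32-544": {GROUP, "S-1-5-21-1111-2222-3333-500"},
    "S-1-5-32-545": {GROUP},
    "S-1-5-32-551": {"S-1-5-21-1111-2222-3333-1300"},
    "S-1-5-21-1111-2222-3333-2001": {GROUP},  # alias outside BUILTIN, must be left alone
}

if __name__ == "__main__":
    print(remove_member_foreign_domain(BUILTIN, ALIASES, GROUP))
```

The alias outside the BUILTIN domain keeps the member, which is the scoping the handle is meant to provide in this model.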