AW: APW is missing

Gerald (Jerry) Carter jerry at
Wed May 21 16:05:38 GMT 2003

Hash: SHA1

On Wed, 21 May 2003, Ronan Waide wrote:

> On May 21, jerry at said:
> > 2 questions:
> > 
> >   1)  Have you ever seen a windows client send 
> >       MAXIMUM_ALLOWED_ACCESS without including
> >       SERVER_ALL_ACCESS ?  rpcclient doesn't count 
> >       here.  I know we don't do this exactly like NT
> >       but it has never matter against real windows 
> >       clients 
> Hmm. As documented in the quoted post, NT4SP6 talking to Samba sends
> MAXIMUM_ALLOWED_ACCESS without any of the printer admin access bits,
> but I don't recall if it had SERVER_ALL_ACCESS set.


- ------------original mail--------------------------

NT4 SP6 to Samba HEAD (Opening the Printers folder)
* First request is for
  Write Owner | Write DAC | Read Control | Delete
  Server Enum | Server Admin

- --------end original mail--------------------------

SERVER_ALL_ACCESS == Server Enum | Server Admin

This is what is used to determine whether the APW shows up.
We basically only allow a 'printer admin' to have this.

Just to make sure we are on the same thread here,
I have never seen a instance where we really needed to 
map MAXIMUM_ALLOWED_ACCESS to anything.  Windows
clients always include the specific bits in the desired_access
mask in my experience.

So my question is: Have you seen any behavior that indicates
not mapping the MAXIMUM_ALLOWED_ACCESS mask to some specific 
bits is a problem?

My understanding is that you have not, but were just noting 
a difference in behavior when testing with rpcclient.  Right?

cheers, jerry
 Hewlett-Packard            -------------------------
 SAMBA Team                 ----------------------
 GnuPG Key                  ----
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see


More information about the samba-technical mailing list