Windows API's against a Samba DC (NT4)
Jeremy Allison
jra at samba.org
Fri Oct 3 17:35:10 GMT 2003
On Fri, Oct 03, 2003 at 11:43:39AM -0400, Nathan Yocom wrote:
> I am working on some code on the windows side of things for transparent management of users/groups etc on a domain (currently only NT4 not AD). In doing so, I would like to have it work against a samba pdc as well, but have run into an interesting problem.
>
> I call the Platform SDK/Windows API function LogonUser (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/logonuser.asp) to try and get a security handle for an administrative account on the domain (the hUser token parameter). This works against an NT4 server, but does not seem to work against a samba pdc. The function returns the system error code 1314 (full list here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes.asp) which indicates "A required privilege is not held by the client. ERROR_PRIVILEGE_NOT_HELD". Which of course led me to believe it was some kind of priveledges problem, however I am testing the call with a user (in this case root) who exists on the pdc, whom I used to add the windows 2000 machine to the domain, and whom is in the "domain admin group" setting in smb.conf. Have I missed a setting somewhere? Should this function work against a samba pdc?
Can you send me the Win32 binary also the Win32 source code
please. I'd like to try this against our code and make sure
it works.
Thanks,
Jeremy.
More information about the samba-technical
mailing list