support for privileges in Samba 3.0

Gerald (Jerry) Carter jerry at
Wed Jan 12 22:46:19 GMT 2005

Hash: SHA1


I have gone back and reworked the privileges code (twice)
for inclusion in 3.0.11.  After the second rewrite some
things that you did make more sense now.

One minor change I've made is to remove all of the unused
privileges.  The only ones I'm planning on using initially
is to add machines to the domain, add users and groups to the
domain, and print admin rights.

The major change was to remove the privilege storage from the
passdb API.  Storing privilege sets in LDAP didn't gain us
alot other than not having to implement our own replication
protocol.    I'm planning on implementing enough of the SAM
replication protocol to get Samba -> Samba replication
working for account policies and privileges.  I think I can
have the done and working by Linuxworld next month.

I'm going to check this in before week's end (just have to
increase the number of bits I use for the privilege mask)
and incorporate the privilege set with the NT_USER_TOKEN
at logon time for the appropriate access checks.

Oh and fix a couple of the LSA calls where the return values are

Thanks for your work on this and my apologies for putting it
off the backport so long.

PS: apparently User Manager running on 2k has some issues
with setting account rights.  I get the same failures against
an NT4 PDC.

cheers, jerry
Alleviating the pain of Windows(tm)      -------
GnuPG Key                -----
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -


More information about the samba-technical mailing list