support for privileges in Samba 3.0

Gerald (Jerry) Carter jerry at
Thu Jan 13 13:04:52 GMT 2005

Simo Sorce wrote:

| Well, I've done that mostly because NT4 domains
| have the privileges set replicated on each DC,
| but to be honest I see that as a limitation.
| Being able to set different privileges on each DC
| is a plus imho, so I welcome the removal of automatic
| replication, and I would suggest to make the replication
| of privileges optional, they are just a local thing
| made global by mistake in NT4 SAM engineering.

I haven't quite fleshed out all the details yet
but I'll keep that suggestion in mind.

|> PS: apparently User Manager running on 2k has some issues
|> with setting account rights.  I get the same failures against
|> an NT4 PDC.
| I will work again on usrmgr.exe as I see the patch in.
| Unfortunately it presumes some of the groups (perhaps
| even some privilege) to be always present, so be sure
| you correctly mapped your domain groups to see it
| working correctly.

Yeah, I noticed that SeNetworkLogonRight, SeBatchLogonRight,
SeServiceLogonRight, and SeInteractiveLogonRight are always
filled in by usrmgr.exe regardless of whether they are
enumerated by the server or not.  But this is really a GUI app
limitation and not a requirement from what I can tell.
We really need our own app to work around these kinds of bugs.

cheers, jerry
Alleviating the pain of Windows(tm)      -------
GnuPG Key                -----
"I never saved anything for the swim back."     Ethan Hawk in Gattaca