support for privileges in Samba 3.0
Gerald (Jerry) Carter
jerry at samba.org
Thu Jan 13 13:04:52 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Simo Sorce wrote:
| Well, I've done that mostly because NT4 domains
| have the privileges set replicated on each DC,
| but to be honest I see that as a limitation.
| Being able to set different privileges on each DC
| is a plus imho, so I welcome the removal of automatic
| replication, and I would suggest to make the replication
| of privileges optional, they are just a local thing
| made global by mistake in NT4 SAM engineering.
I haven't quite fleshed out all the details yet
but I'll keep that suggestion in mind.
|> PS: apparently User Manager running on 2k has some issues
|> with setting account rights. I get the same failures against
|> an NT4 PDC.
| I will work again on usrmgr.exe as I see the patch in.
| Unfortunately it presumes some of the groups (perhaps
| even some privilege) to be always present, so be sure
| you correctly mapped your domain groups to see it
| working correctly.
Yeah I noticed that SeNetworkLogonRight, SeBatchLogonRight,
SeServiceLogonRight, and SeInteractiveLogonRight are always
filled in by usrmgr.exe regardless of whether they are
enumerated by the server or not. But this is really a GUI app
limitation and not a requirement from what I can tell.
We really need our own app to work around these kinds of bugs.
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical