[Samba] Rev #2 of the 3.02.3c patch
Gerald (Jerry) Carter
jerry at samba.org
Thu Aug 31 21:25:08 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Bork wrote:
> [2006/08/31 22:45:52, 0] smbd/server.c:main(847)
> smbd version 3.0.23c-gwc-2 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2006
> [2006/08/31 22:45:52, 0] lib/account_pol.c:init_account_policy(299)
> init_account_policy: Failed to grant privileges to
> BUILTIN\Administrators!
ok. I'll wrap that call. It's not fatal though right.
Just an error.
A privilege entry is just a SID and a bitmask.
So we are trying to store S-1-5-32-544 with a complete
list of rights.
> I thought there aren't any builtin groups in Samba
> as PDC with backend smbpasswd.
> What is the function of this builtin groups?
> How can I list builtin groups?
Without winbindd, you cannot manipulate the
membership of Administrators but you still get
the SID added to your token if you are a member
of Domain Admins. In this case, the BUILTIN\Administrators
is hard coded in smbd.
> With 'enable privileges = yes' I can see:
> deveis # net rpc rights list Administrators
> Password:
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
cheers, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE91O0IR7qMdg1EfYRAhFyAJ4jFERBpG2R3r0jIpSV5s6VN3bAKwCgr2ZT
8thk4bapVi6uzV3GJ+FmHp0=
=mhJJ
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list