[Samba] Rev #2 of the 3.02.3c patch

Gerald (Jerry) Carter jerry at samba.org
Thu Aug 31 21:25:08 GMT 2006

Hash: SHA1

Thomas Bork wrote:

> [2006/08/31 22:45:52, 0] smbd/server.c:main(847)
>   smbd version 3.0.23c-gwc-2 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2006
> [2006/08/31 22:45:52, 0] lib/account_pol.c:init_account_policy(299)
>   init_account_policy: Failed to grant privileges to
> BUILTIN\Administrators!

ok.  I'll wrap that call.  It's not fatal though right.
Just an error.

A privilege entry is just a SID and a bitmask.
So we are trying to store S-1-5-32-544 with a complete
list of rights.

> I thought there aren't any builtin groups in Samba 
> as PDC with backend smbpasswd.
> What is the function of this builtin groups?
> How can I list builtin groups?

Without winbindd, you cannot manipulate the
membership of Administrators but you still get
the SID added to your token if you are a member
of Domain Admins.  In this case, the BUILTIN\Administrators
is hard coded in smbd.

> With 'enable privileges = yes' I can see:
> deveis # net rpc rights list Administrators
> Password:
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com

"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba-technical mailing list