Privileges and usrmgr.exe

simo idra at
Mon Mar 6 16:39:17 GMT 2006

I was testing usrmgr.exe (running it on an NT$ PDC against my test samba
server), and it seems it does not like when there is an unknown SID in
the privileges database. The traces shows that it ask for the lists of
privileges and then tries to resolve the SIDs. If we fail to resolve a
SID it just stamps me an Access Denied. We can probably cure this
problem by changing the error message (investigating this right now),
but I was thinking if we shouldn't be a bit more strict in what we let
admins put inside the db and by deleting corresponding entries when we
delete users or groups for our passdb.


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at

More information about the samba-technical mailing list