Privileges and usrmgr.exe
Gerald (Jerry) Carter
jerry at samba.org
Mon Mar 6 17:44:01 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
simo wrote:
> I was testing usrmgr.exe (running it on an NT$ PDC against my test samba
> server), and it seems it does not like when there is an unknown SID in
> the privileges database. The traces shows that it ask for the lists of
> privileges and then tries to resolve the SIDs. If we fail to resolve a
> SID it just stamps me an Access Denied. We can probably cure this
> problem by changing the error message (investigating this right now),
> but I was thinking if we shouldn't be a bit more strict in what we let
> admins put inside the db and by deleting corresponding entries when we
> delete users or groups for our passdb.
Simo,
I think somewhere something has changed then. I remember seeing
usrmgr.exe showing SIDs that wouldn't resolve in the user rights
dialog. Can you verify what a Windows NT 4.0 DC does when you
assign a privilege to a user/group and then delete that account?
Thanks.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEDHThIR7qMdg1EfYRApiyAKCSR6p+hncO9ry+NZy65fVa71Mq7QCgmbie
zFjWpKmlGjCB2VZYNPWOPjA=
=BHv9
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list