Privileges and usrmgr.exe

Gerald (Jerry) Carter jerry at samba.org
Mon Mar 6 17:44:01 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

simo wrote:
> I was testing usrmgr.exe (running it on an NT$ PDC against my test samba
> server), and it seems it does not like when there is an unknown SID in
> the privileges database. The traces shows that it ask for the lists of
> privileges and then tries to resolve the SIDs. If we fail to resolve a
> SID it just stamps me an Access Denied. We can probably cure this
> problem by changing the error message (investigating this right now),
> but I was thinking if we shouldn't be a bit more strict in what we let
> admins put inside the db and by deleting corresponding entries when we
> delete users or groups for our passdb.

Simo,

I think somewhere something has changed then.  I remember seeing
usrmgr.exe showing SIDs that wouldn't resolve in the user rights
dialog.  Can you verify what a Windows NT 4.0 DC does when you
assign a privilege to a user/group and then delete that account?
Thanks.







cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEDHThIR7qMdg1EfYRApiyAKCSR6p+hncO9ry+NZy65fVa71Mq7QCgmbie
zFjWpKmlGjCB2VZYNPWOPjA=
=BHv9
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list