[PATCH 1/2] Set os attribute and version during domain join
Gerald (Jerry) Carter
jerry at samba.org
Fri Mar 16 18:30:28 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew Geddes wrote:
> At a quick glance, it looks as though this may be due to to
> ACLs set in Active Directory. There is a difference
> between the ACLs on a Samba-created machine account and a
> Windows XP-created machine account from what I've seen.
> Windows XP-created accounts grant rights to the
> user doing the join to update the properties in the
> account, whereas Samba-created accounts don't.
>
> The only seemingly-relevant differences I see in captures between our
> join and XP's is that we use an Info24 + an Info16 to set account
> attributes (mainly the password), whereas XP just uses the Info25
> (An info 21 + the password). I can't see anything in the Info21 that
> looks like the account flags passed to
> net_domain.c:rpccli_samr_create_dom_user (arg 6). Incidentally,
> I have a patch I'm trying to get back to you guys that
> fixes some problems with these flags.
Matthew, From what I've seen, the resulting permissions are
exactly the Samba between the Samba machine ovject and XP.
I've viewed the resulting ACLs in adsiedit.msc. Can you point
me at how you are seeing the differences?
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF+uJEIR7qMdg1EfYRAlpnAJ98tuM1N1uLRnzy7fVRBbBkL1NvMQCePBif
1GuFW4CM5acMzB5+aiB6hLE=
=Z8G1
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list