PAC group problem

tridge at samba.org
Fri Jan 15 04:48:33 MST 2010


Hi Andrew,

I've reproduced that group problem we had once before.

If you do the following:

 1) provision an s4 DC
 2) dcpromo join a w2k8r2 box to it (presumably same with w2k8)
 3) connect to the s4 box from the Windows DC as administrator

then security_session_user_level() for the login comes back as
SECURITY_USER not SECURITY_ADMINISTRATOR as builtin administrators is
not in the token. I presume the PAC came back wrong from the s4 KDC.

I noticed this as it breaks some DRS calls that check for
SECURITY_ADMINISTRATOR.

I guess we're not expanding the group membership right in the kdc
code?

Cheers, Tridge
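
The symptom reported above, as an added example that is not part of the original post and not Samba's code: a simplified model of how a session level can be derived from the SIDs in a token. The type and function names, the order of the checks, and the domain SID are assumptions made for illustration; only the well-known SIDs are real.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not Samba's implementation: SIDs are plain strings. */
enum user_level { LEVEL_ANONYMOUS, LEVEL_USER, LEVEL_ADMINISTRATOR, LEVEL_SYSTEM };

#define SID_SYSTEM         "S-1-5-18"      /* NT AUTHORITY\SYSTEM */
#define SID_ANONYMOUS      "S-1-5-7"       /* NT AUTHORITY\ANONYMOUS LOGON */
#define SID_AUTH_USERS     "S-1-5-11"      /* NT AUTHORITY\Authenticated Users */
#define SID_BUILTIN_ADMINS "S-1-5-32-544"  /* BUILTIN\Administrators alias */
#define DOM "S-1-5-21-1111111111-2222222222-3333333333" /* constructed domain SID */

struct token { const char *sids[8]; size_t num_sids; };

static int token_has_sid(const struct token *t, const char *sid)
{
    for (size_t i = 0; i < t->num_sids; i++)
        if (strcmp(t->sids[i], sid) == 0)
            return 1;
    return 0;
}

/* Assumed check order: system, anonymous, builtin admins, authenticated users. */
enum user_level session_user_level(const struct token *t)
{
    if (t == NULL || t->num_sids == 0)         return LEVEL_ANONYMOUS;
    if (token_has_sid(t, SID_SYSTEM))          return LEVEL_SYSTEM;
    if (token_has_sid(t, SID_ANONYMOUS))       return LEVEL_ANONYMOUS;
    if (token_has_sid(t, SID_BUILTIN_ADMINS))  return LEVEL_ADMINISTRATOR;
    if (token_has_sid(t, SID_AUTH_USERS))      return LEVEL_USER;
    return LEVEL_ANONYMOUS;
}

/* Constructed tokens for the domain Administrator (RID 500, in Domain Admins 512).
 * The first lacks the BUILTIN\Administrators alias, as in the report. */
const struct token token_unexpanded = { { DOM "-500", DOM "-512", SID_AUTH_USERS }, 3 };
const struct token token_expanded   = { { DOM "-500", DOM "-512", SID_AUTH_USERS,
                                          SID_BUILTIN_ADMINS }, 4 };

int main(void)
{
    printf("alias missing: level %d\n", session_user_level(&token_unexpanded));
    printf("alias present: level %d\n", session_user_level(&token_expanded));
    return 0;
}
```

In this model, holding the Domain Admins SID is not enough on its own: a check for administrator level only passes once the alias SID S-1-5-32-544 has been added to the token.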

