Cannot Delete User From Group
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Jun 25 00:55:14 MDT 2010
Hi Ricardo,
it took longer but this should now be fixed. One thing which isn't
expected to work is the delete from the primary group. Therefore this
error will stay:
Trying to delete from GroupID 513
(-1073741823, 'Undetermined error')
All others should be gone now (I made myself a small test example and it
worked using your script).
Your post was very important to fix up the SAMR server which contained
errors.
Matthias
Ricardo Jorge wrote:
> Hi.
>
> I'm having trouble deleting a User from a Group (any Group). I can add
> Users to Groups without trouble (and list them afterwards) but a
> RuntimeError Exception is thrown every time I try to remove.
>
> Here is some sample code that demonstrates this behaviour. This also
> happens using the latest GIT code. Please replace USER_ID with a User
> ID you know exists. You may also want to change that domain being
> used.
>
> import sys
>
> from samba import credentials
> from samba.dcerpc import samr
> from samba.dcerpc import security
> from samba.dcerpc import lsa
>
> def toArray((handle, array, num_entries)):
> ret = []
> for x in range(num_entries):
> ret.append((array.entries[x].idx, array.entries[x].name))
> return ret
>
> def display_lsa_string(str):
> return str.string
>
> USER_ID = 1018
>
> creds = credentials.Credentials()
> creds.set_username("administrator")
> creds.set_password("x")
> creds.set_domain("")
> creds.set_workstation("")
>
> pipe = samr.samr("ncalrpc:", credentials = creds)
> connect_handle = pipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
>
> domains = toArray(pipe.EnumDomains(connect_handle, 0, -1))
> sid = pipe.LookupDomain(connect_handle, domains[0][1])
> domain_handle = pipe.OpenDomain(connect_handle,
> security.SEC_FLAG_MAXIMUM_ALLOWED, sid)
> user_handle = pipe.OpenUser(domain_handle,
> security.SEC_FLAG_MAXIMUM_ALLOWED, USER_ID)
> group_list = toArray(pipe.EnumDomainGroups(domain_handle, 0, -1))
> user_group_list = pipe.GetGroupsForUser(user_handle).rids
>
> print "The user belongs to the following groups:"
> for g in user_group_list:
> print "- " + str(g.rid)
>
> print "\nI will now try try to remove the user from each of those groups.\n"
> for g in user_group_list:
> try:
> print "Trying to delete from GroupID " + str(g.rid)
> group_handle = pipe.OpenGroup(domain_handle,
> security.SEC_FLAG_MAXIMUM_ALLOWED, g.rid)
> pipe.DeleteGroupMember(group_handle, USER_ID)
> except RuntimeError as message:
> print str(message)
>
> print "\n"
>
> Here is the output I get from this code:
>
> The user belongs to the following groups:
> - 513
> - 512
> - 1009
>
> I will now try try to remove the user from each of those groups.
>
> Trying to delete from GroupID 513
> (-1073741823, 'Undetermined error')
>
>
> Trying to delete from GroupID 512
> (-1073741720, 'Member not in group')
>
>
> Trying to delete from GroupID 1009
> (-1073741720, 'Member not in group')
>
> Any help is appreciated.
>
> Best Regards,
> Ricardo
>
>
More information about the samba-technical
mailing list