Cannot Delete User From Group

Ricardo Jorge rvelhote at gmail.com
Sat May 29 16:14:51 MDT 2010 

Hi.

I'm having trouble deleting a User from a Group (any Group). I can add
Users to Groups without trouble (and list them afterwards) but a
RuntimeError Exception is thrown every time I try to remove.

Here is some sample code that demonstrates this behaviour. This also
happens using the latest GIT code. Please replace USER_ID with a User
ID you know exists. You may also want to change that domain being
used.

import sys

from samba import credentials
from samba.dcerpc import samr
from samba.dcerpc import security
from samba.dcerpc import lsa

def toArray((handle, array, num_entries)):
    ret = []
    for x in range(num_entries):
        ret.append((array.entries[x].idx, array.entries[x].name))
    return ret

def display_lsa_string(str):
    return str.string

USER_ID = 1018

creds = credentials.Credentials()
creds.set_username("administrator")
creds.set_password("x")
creds.set_domain("")
creds.set_workstation("")

pipe = samr.samr("ncalrpc:", credentials = creds)
connect_handle = pipe.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)

domains = toArray(pipe.EnumDomains(connect_handle, 0, -1))
sid = pipe.LookupDomain(connect_handle, domains[0][1])
domain_handle = pipe.OpenDomain(connect_handle,
security.SEC_FLAG_MAXIMUM_ALLOWED, sid)
user_handle = pipe.OpenUser(domain_handle,
security.SEC_FLAG_MAXIMUM_ALLOWED, USER_ID)
group_list = toArray(pipe.EnumDomainGroups(domain_handle, 0, -1))
user_group_list = pipe.GetGroupsForUser(user_handle).rids

print "The user belongs to the following groups:"
for g in user_group_list:
    print "- " + str(g.rid)

print "\nI will now try try to remove the user from each of those groups.\n"
for g in user_group_list:
    try:
        print "Trying to delete from GroupID " + str(g.rid)
        group_handle = pipe.OpenGroup(domain_handle,
security.SEC_FLAG_MAXIMUM_ALLOWED, g.rid)
        pipe.DeleteGroupMember(group_handle, USER_ID)
    except RuntimeError as message:
        print str(message)

    print "\n"

Here is the output I get from this code:

The user belongs to the following groups:
- 513
- 512
- 1009

I will now try try to remove the user from each of those groups.

Trying to delete from GroupID 513
(-1073741823, 'Undetermined error')


Trying to delete from GroupID 512
(-1073741720, 'Member not in group')


Trying to delete from GroupID 1009
(-1073741720, 'Member not in group')

Any help is appreciated.

Best Regards,
Ricardo

More information about the samba-technical mailing list