[Samba] privileges in 3.11?

Gerald (Jerry) Carter jerry at samba.org
Mon Feb 7 14:16:11 GMT 2005

Hash: SHA1

Dmitry Melekhov wrote:

| I found a reason.
| Problem is that I created tdbsam from smbpasswd
| using pdbedit. Now I tried to reproduce this and
| here is pdbedit output:
| Processing account root
| tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a
| primary group RID
| pdb_getsampwent
| And then I can't modify or add root account with the same result:
| tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a
| primary group RID
| This problem appears only if groupmap to unixgroup exists:
| ./net groupmap list
| Domain Admins (S-1-5-21-2314933419-357499204-1604414191-512) -> root

The problem is actually that Windows does not allow a user and
group to have the same name.  You must assign a different display
name to group map entry.

This is strange though.  I'll look into it some more.

| Then if I add groupmapping all works:
| [root at dm bin]# ./net groupmap modify
| sid=S-1-5-21-1953428550-3027608681-49554636-512 unixgroup=root
| Updated mapping entry for Domain Admins
| [root at dm bin]# ./net rpc rights grant 'TEST\dm' SePrintOperatorPrivilege
| Password:
| Successfully granted rights.

Thanks for the feedback.

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba mailing list