[Samba] privileges on samba 3.0.11

spu at corman.be spu at corman.be
Thu Mar 10 10:31:01 GMT 2005 




Hi,

I have a test server and I try to test the new privileges functionnality.
But I try to test the SePrintOperatorPrivileges

I set a specifiv user with net -S PDC rpc right grant xxx
SePrintOperatorPrivilege
After I submit a job and I try with this user to cancel the job.  But when
I want to cancel the job with the user, windows says that the user cannot
right to modify the job.

In log, I can see :

[2005/03/10 10:56:59, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/10 10:56:59, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/10 10:56:59, 4] lib/smbldap.c:smbldap_open(919)
  The LDAP server is succesfully connected
[2005/03/10 10:56:59, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2080)
  ldapsam_getgroup: Did not find group
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 5] lib/privileges.c:get_privileges_for_sids(420)
  get_privileges_for_sids: sid =
S-1-5-21-2525780297-265556163-1256307271-3058
  Privilege set:
  SE_PRIV  0x20 0x0 0x0 0x0
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-513]
[2005/03/10 10:56:59, 5] lib/privileges.c:get_privileges_for_sids(420)
  get_privileges_for_sids: sid = S-1-1-0
  Privilege set:
  SE_PRIV  0x0 0x0 0x0 0x0
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-547]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-1453]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3005]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3015]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3017]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3043]
[2005/03/10 10:56:59, 3] lib/privileges.c:get_privileges(226)
  get_privileges: No privileges assigned to SID
[S-1-5-21-2525780297-265556163-1256307271-3201]
[2005/03/10 10:56:59, 5] auth/auth_util.c:make_server_info_sam(830)
  make_server_info_sam: made server info for user nlam -> nlam
[2005/03/10 10:56:59, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [NLAM] succeeded
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/10 10:56:59, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2005/03/10 10:56:59, 5] auth/auth_util.c:debug_unix_user_token(507)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/03/10 10:56:59, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/10 10:56:59, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password:  PAM Account for user [nlam] succeeded
[2005/03/10 10:56:59, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [NLAM] -> [NLAM] -> [nlam]
succeeded
...

A other information is that the user is on a other domain that the test
domain.

Anyone can help me

thanks

      Stéphane


-----------------------------------
Stéphane PURNELLE                         stephane.purnelle at corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467

More information about the samba mailing list