[Samba] usrmgr keeps user in domain admins group / bug ? solved

Robert Schetterer robert at schetterer.org
Wed Nov 2 22:02:56 GMT 2005

Hi @ll,
the problem is linked to the david software specially to the david admin
david admin puts some reg key to the windows client which is used
to view the david services from the windows client on the smb server.
This is done via ssh, so here seems to be the problem when the user 
changes out from the domain admins group, cause the ssh connect is still
done by the old ssh account, so there are two connects to the smb pdc ( 
smb, ssh ) with differnet accounts.
This seems to force usrmgr to show the user staying in the domain admins 
group , while this isnt true in ldap anymore.
After fixing the reg key to the right user account , showing of david 
services in the david admin works again , and usrmgr shows the right
group entries again ( a reboot was done too ), so the failure went away.
I am not 100 % sure about this fix but the failure was solved.
Best Regards

Robert Schetterer schrieb:

> Hi everybody,
> i have discovered following problem.
> System suse 9.2 pdc samba  3.0.20b  ldap.
> a system user which was in the group Domain Admins ( as secondary 
> group of course ) , cannot be removed from the group, by usrmgr ( in 
> real ldap the user gets deleted ! )
> If the user account gets deleted completly and recreated it is shown 
> again in the domain admins group.( which isnt so in ldap )
> This seems to me as bug with usrmgr, which seem not to forget having a 
> user in Domain Admins Group. ( guessing about some caching? )
> restarting smb nmb does not fix this.
> There is no failure of function if i browse the delete and add accts 
> with a ldap browser.
> Best Regards

More information about the samba mailing list