[Samba] Problem with 'net rpc group delmem' command

Bob Hope savagephp at gmail.com
Sat Mar 18 13:43:37 GMT 2006 

 Hello everyone,

    I've been setting up Samba as a PDC with good success so far. I've
run into one problem though, and that's removing users from groups using
the 'net' utility. I seem to be able to add users to groups just fine
using something similar to the following:

net rpc group addmem "Domain Admins" bob

If I then type:

net rpc group members "Domain Admins"

it lists the user I just added bob. But if I then try to remove the user
with the following command:

net rpc group delmem "Domain Admins" bob

I get NT_STATUS_ACCESS_DENIED. Debug level 5 output is pasted below. Any
help would be greatly appreciated.

Thank you.

-------------------------------------------------------------------------------
root at nightwolf:~# net rpc group delmem "Domain Admins" -d 4 tjp
[2006/03/17 19:13:47, 3] param/loadparm.c:lp_load(4202)
  lp_load: refreshing parameters
[2006/03/17 19:13:47, 3] param/loadparm.c:init_globals(1385)
  Initialising global parameters
[2006/03/17 19:13:47, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2006/03/17 19:13:47, 3] param/loadparm.c:do_section(3657)
  Processing section "[global]"
  doing parameter workgroup = SAVAGEPHP
  doing parameter netbios name = nightwolf
[2006/03/17 19:13:47, 4] param/loadparm.c:handle_netbios_name(2997)
  handle_netbios_name: set global_myname to: NIGHTWOLF
  doing parameter passdb backend = tdbsam
  doing parameter enable privileges = Yes
  doing parameter pam password change = Yes
  doing parameter passwd program = /usr/bin/passwd %u
  doing parameter passwd chat = *New*Password* %n\n
*Re-enter*new*password*%n\n *Password*changed*
  doing parameter username map = /etc/samba/smbusers
  doing parameter log level = 1
  doing parameter syslog = 0
  doing parameter log file = /var/log/samba/%m
  doing parameter max log size = 50
  doing parameter smb ports = 139 445
  doing parameter name resolve order = wins bcast hosts
  doing parameter printcap name = CUPS
  doing parameter show add printer wizard = No
  doing parameter add user script = /usr/sbin/useradd -m '%u'
  doing parameter delete user script = /usr/sbin/userdel -r '%u'
  doing parameter add group script = /usr/sbin/groupadd '%g'
  doing parameter delete group script = /usr/sbin/groupdel '%g'
  doing parameter add user to group script = /usr/sbin/usermod -G '%g' '%u'
  doing parameter add machine script = /usr/sbin/useradd -s /bin/false
-d /tmp '%u'
  doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh
  doing parameter abort shutdown script = /sbin/shutdown -c
  doing parameter logon script = scripts\logon.bat
  doing parameter logon path = \\%L\profiles\%U
  doing parameter logon drive = H:
  doing parameter logon home = \\%L\%U
  doing parameter domain logons = Yes
  doing parameter preferred master = Yes
  doing parameter domain master = Yes
  doing parameter wins support = Yes
  doing parameter utmp = Yes
  doing parameter map acl inherit = Yes
  doing parameter veto files = /*.eml/*.nws/*.{*}/
  doing parameter veto oplock files = /*.doc/*.xls/*.mdb/
[2006/03/17 19:13:47, 4] param/loadparm.c:lp_load(4233)
  pm_process() returned Yes
[2006/03/17 19:13:47, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.3 bcast=192.168.1.255 nmask=255.255.255.0
Password:
[2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_start_connection(1389)
  Connecting to host=127.0.0.1
[2006/03/17 19:13:50, 3] lib/util_sock.c:open_socket_out(870)
  Connecting to 127.0.0.1 at port 445
[2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(710)
  Doing spnego session setup (blob length=16)
[2006/03/17 19:13:50, 3] libsmb/cliconnect.c:cli_session_setup_spnego(714)
  server didn't supply a full spnego negprot
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(917)
  Got challenge flags:
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60890235
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_SEAL
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_CHAL_TARGET_INFO
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(939)
  NTLMSSP: Set final flags:
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/03/17 19:13:50, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/03/17 19:13:50, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60080215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM
    NTLMSSP_NEGOTIATE_NTLM2
    NTLMSSP_NEGOTIATE_128
    NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74d9 bind
request returned ok.
[2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine 127.0.0.1 pipe \samr fnum 0x74da bind
request returned ok.
[2006/03/17 19:13:50, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine 127.0.0.1 pipe \lsarpc fnum 0x74db bind
request returned ok.
Could not del tjp from Domain Admins: NT_STATUS_ACCESS_DENIED
[2006/03/17 19:13:50, 1] utils/net_rpc.c:run_rpc_command(169)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2006/03/17 19:13:50, 2] utils/net.c:main(878)
  return code = 1
root at nightwolf:~#

More information about the samba mailing list