[Samba] net user ... /add /domain does not work with samba ?

[Lou Gascou]

Hello,

I try to use the windows command "net use ... /add /domain" without 
success from Xp or Vista.

I would realy appreciate to use this command from windows since
usrmgr.exe seems not working on Vista and our accounts managers are not 
allowed to access Samba servers.

Is it possible ?
Thank you for your help.

LG


Here under is the network flow shown by Wireshark

...
SamrConnect5 request, \\MYPDC
SamrConnect5 response STATUS_SUCCESS
SamrEnumerateDomainsInSamServer request (\\MYPDC)
SamrEnumerateDomainsInSamServer response STATUS_SUCCESS
SamrLookupDomainsInSamServer request (\\MYPDC)
SamrLookupDomainsInSamServer response STATUS_SUCCESS
SamrOpenDomain request (S-1-5-21-...)
SamrOpenDomain response STATUS_SUCCESS
SamrCreateUser2InDomain request (myuser, access ctrl=0x00000010,access 
mask=0xe00500b0)
SamrCreateUser2InDomain response STATUS_SUCCESS

At this point the user might be created on the PDC
but the conversation is not closed and the net command
from windows queries the PDC.

SamrQueryInformationUser request (Policy handle: createuser2 handle)
SamrQueryInformationUser response STATUS_SUCCESS
SamrGetUserDomainPasswordInformation request (Policy handle: createuser2 
handle)
SamrGetUserDomainPasswordInformation response STATUS_SUCCESS

Then the command tries to set some information on the
PDC accounts db.

SamrSetInformationUser2 request (a lot of user infos)
SamrSetInformationUser2 response STATUS_ACCESS_DENIED

Since the windows net command is not happy to not be able to set the lot 
of user infos in account db it deletes the just created account on the PDC.

SamrDeleteUser request (Policy handle: createuser2 handle)
SamrDeleteUser response STATUS_SUCCESS


I also debugged the network flow while using Samba "net rpc user add" 
command from another machine in the network. It showed a conversation 
looking ending at the first part of the windows one. The one difference 
is that Samba uses SamrConnect2 in place of SamrConnect5.