[Samba] Re: net user ... /add /domain does not work with samba ?

Lou Gascou ple001 at artic.fr
Fri Aug 24 09:32:45 GMT 2007 

Lou Gascou a écrit :
> Hello,
> 
> I try to use the windows command "net use ... /add /domain" without 
> success from Xp or Vista.
> 
> I would realy appreciate to use this command from windows since
> usrmgr.exe seems not working on Vista and our accounts managers are not 
> allowed to access Samba servers.
> 

Sorry but I omited to write that I use Samba 3.0.25c with smbpasswd 
password backend.

> Is it possible ?
> Thank you for your help.
> 
> LG
> 
> 
> Here under is the network flow shown by Wireshark
> 
> ...
> SamrConnect5 request, \\MYPDC
> SamrConnect5 response STATUS_SUCCESS
> SamrEnumerateDomainsInSamServer request (\\MYPDC)
> SamrEnumerateDomainsInSamServer response STATUS_SUCCESS
> SamrLookupDomainsInSamServer request (\\MYPDC)
> SamrLookupDomainsInSamServer response STATUS_SUCCESS
> SamrOpenDomain request (S-1-5-21-...)
> SamrOpenDomain response STATUS_SUCCESS
> SamrCreateUser2InDomain request (myuser, access ctrl=0x00000010,access 
> mask=0xe00500b0)
> SamrCreateUser2InDomain response STATUS_SUCCESS
> 
> At this point the user might be created on the PDC
> but the conversation is not closed and the net command
> from windows queries the PDC.
> 
> SamrQueryInformationUser request (Policy handle: createuser2 handle)
> SamrQueryInformationUser response STATUS_SUCCESS
> SamrGetUserDomainPasswordInformation request (Policy handle: createuser2 
> handle)
> SamrGetUserDomainPasswordInformation response STATUS_SUCCESS
> 
> Then the command tries to set some information on the
> PDC accounts db.
> 
> SamrSetInformationUser2 request (a lot of user infos)
> SamrSetInformationUser2 response STATUS_ACCESS_DENIED
> 
> Since the windows net command is not happy to not be able to set the lot 
> of user infos in account db it deletes the just created account on the PDC.
> 
> SamrDeleteUser request (Policy handle: createuser2 handle)
> SamrDeleteUser response STATUS_SUCCESS
> 
> 
> I also debugged the network flow while using Samba "net rpc user add" 
> command from another machine in the network. It showed a conversation 
> looking ending at the first part of the windows one. The one difference 
> is that Samba uses SamrConnect2 in place of SamrConnect5.
> 
> 
> 
>

More information about the samba mailing list