[Samba] Acces denied with usrmgr.exe

HB ciradhb.forward at laposte.net
Mon Feb 16 13:53:20 GMT 2009

I am trying to use usrmgr.exe in order to manage users and groups on my samba server PDC (passdb backend = tdbsam ) . 
I have the following strange behavior of usrmgr.exe : 

*	when I launch usrmgr.exe from a user account that is part of the Domain Admins group or that explicitly has the
SeAddUsersPrivilege privilege, I can see the list of users and groups , and create a new user, BUT when I double click on a user or
group, I get the error popup : "Access Denied , the user properties cannot be edited or viewed at this time" . The log level 2 trace
is : 
[2009/02/16 17:18:40,  2] rpc_server/srv_samr_nt.c:access_check_samr_function(246)
  _samr__LookupRids: ACCESS DENIED (granted: 0x000d067a;  required: 0x00000100)
*	The only account that can fully use usrmgr.exe is the samba root account , everything works well under that account. 

I strongly suspect it is a bug on privilege checking , can someone confirm that ? Is there a workarround to make it work as expected
Thanks in advance 

More information about the samba mailing list