[Samba] Acces denied with usrmgr.exe
ciradhb.forward at laposte.net
Mon Feb 16 13:53:20 GMT 2009
I am trying to use usrmgr.exe in order to manage users and groups on my samba server PDC (passdb backend = tdbsam ) .
I have the following strange behavior of usrmgr.exe :
* when I launch usrmgr.exe from a user account that is part of the Domain Admins group or that explicitly has the
SeAddUsersPrivilege privilege, I can see the list of users and groups , and create a new user, BUT when I double click on a user or
group, I get the error popup : "Access Denied , the user properties cannot be edited or viewed at this time" . The log level 2 trace
[2009/02/16 17:18:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246)
_samr__LookupRids: ACCESS DENIED (granted: 0x000d067a; required: 0x00000100)
* The only account that can fully use usrmgr.exe is the samba root account , everything works well under that account.
I strongly suspect it is a bug on privilege checking , can someone confirm that ? Is there a workarround to make it work as expected
Thanks in advance
More information about the samba