[Samba] Using NetWkstaGetInfo / NetWkstaUserEnum with sambaserver

Ian Puleston ipuleston at SonicWALL.com
Mon Jul 20 18:16:02 MDT 2009

> -----Original Message-----
> From: Volker Lendecke
> Sent: Friday, July 17, 2009 8:57 PM
> On Fri, Jul 17, 2009 at 02:04:19PM -0700, Ian Puleston wrote:
> > I'm trying to run a program on a Windows server that sends the
> > NetWkstaGetInfo and/or NetWkstaUserEnum NetAPI requests to 
> > Samba server on a Linux machine, being logged in
> > to that Windows server as the domain administrator. NetWkstaGetInfo
> > has 3 levels (100 to 102) with 100 requiring only guest access.
> > 100 works OK, but levels 101/102 return error 124 (invalid level).
> > NetWkstaUserEnum returns error 1745 (RPC_S_PROCNUM_OUT_OF_RANGE).
> >
> > I have samba logging turned on with log level set to 3, and it logs
> > successfully authenticating the domain administrator
> > (sd80\administrator) and receiving the NetWksta... command in both
> > cases (see below), so any idea why it may be returning these errors?
> > On authenticating the user I do see "get_privileges: No privileges
> > assigned to SID" logged - could this be the reason, the account does
> > not have the privilege to run these commands on the Linux machine?
> > so is there a way to give the account that privilege?
> >
> > Here is the samba log of an attempt to run NetWkstaUserEnum:
> Probably we "just" don't support some calls or some infolevels that we
> haven't come across yet. Can you please file a bug at
> and upload network traces?
> Maybe also a snippet of your Win32 code that you're trying to get to
> run.

That is possible but at
l I found the comment "As I see at [smbd/lanman.c] smbd will reply to
NetWkstaGetInfo request with username (at field 2). But MSDN
specification doesn't says about username, just about number of users
who are logged on to the local computer (level = 102)" which implies
that it should support the NetWkstaGetInfo request at all 3 levels.

I thought I might have found the problem as mentioned at
which says that for the domain admin to get root privilege on the Linux
PC the SID for root needs to be set to the value for the domain admin.
But I haven't been able to get the command that is given to do that to
work (its under "The Administrator Domain SID" down near the bottom of
that page):

[root at ian-linuxtest samba]# net getlocalsid sd80
SID for domain sd80 is: S-1-5-21-4023909512-3739307249-2032274589
[root at ian-linuxtest samba]# pdbedit -U
S-1-5-21-4023909512-3739307249-2032274589-500 -u root -r
tdb_update_sam: struct samu (root) with no RID!
Unable to modify entry!

Any ideas on that?

The Win32 code I am using is simply the Microsoft code sample at
http://msdn.microsoft.com/en-us/library/aa370663(VS.85).aspx with a
small hack to allow the level to be given on the command line.


More information about the samba mailing list