When doing simple:

net rpc file -Untadmin

With ntadmin being a user belonging to properly groupmapped domain admins
(with rid 512), including cases with ntadmin being rid=500 itself,
I always get:

[2010/06/30 15:06:46.272578,  2] auth/auth.c:304(check_ntlm_password)
  check_ntlm_password:  authentication for user [ntadmin] -> [ntadmin] -> [ntadmin] succeeded
[2010/06/30 15:06:46.276232,  1] rpc_server/srv_srvsvc_nt.c:1039(_srvsvc_NetFileEnum)
  Enumerating files only allowed for administrators

I've peeked into srv_srvsvc_nt.c and the main difference from earlier 
samba versions (in the function mentioned in logs) is the addition 
of the following check:

        if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
                                p->server_info->ptok)) {
                DEBUG(1, ("Enumerating files only allowed for "
                          "administrators\n"));
                return WERR_ACCESS_DENIED;
        }

Judging from the variable names, it checks whether a user belongs to the
builtin group. Assuming this kind of check is intended in this place - how
does one actually make a [functionally working] builtin group? groupmap allows
mapping to local and builtin groups, and I've also tested some net rpc group
variations - but so far to no actual effect.
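
Added example, not part of the original post and not Samba's code: a simplified C model of the exact-match SID test quoted above, showing why a token that holds the Domain Admins SID (RID 512) still fails a check for BUILTIN\Administrators (S-1-5-32-544). The struct, the function names and the domain SID S-1-5-21-1111-2222-3333 are constructed for illustration, and the assumption is that the token carries only the domain SIDs.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUILTIN_ADMINS "S-1-5-32-544"   /* well-known BUILTIN\Administrators alias */

/* Simplified SID model (hypothetical): f[] = revision, authority, sub-authorities. */
struct sid { size_t n; unsigned long long f[17]; };

/* Parse "S-1-5-32-544" style text; returns false on malformed input. */
static bool sid_parse(const char *s, struct sid *out)
{
    char *end = NULL;
    out->n = 0;
    if (strncmp(s, "S-", 2) != 0) return false;
    for (s += 2; ; s = end + 1) {
        if (!isdigit((unsigned char)*s) || out->n == 17) return false;
        out->f[out->n++] = strtoull(s, &end, 10);
        if (*end != '-') break;
    }
    return *end == '\0' && out->n >= 2;   /* need revision and authority */
}

/* Exact-match membership test, modelled on the nt_token_check_sid() call above:
 * holding a *different* admin group SID does not satisfy it. */
static bool token_has_sid(const char *want, const char *const *token, size_t count)
{
    struct sid w, t;
    if (!sid_parse(want, &w)) return false;
    for (size_t i = 0; i < count; i++)
        if (sid_parse(token[i], &t) && t.n == w.n &&
            memcmp(t.f, w.f, w.n * sizeof(w.f[0])) == 0) return true;
    return false;
}

/* Constructed tokens: user RID 500, Domain Admins RID 512, Everyone. */
static const char *const DOMAIN_ONLY[] = { "S-1-5-21-1111-2222-3333-500",
    "S-1-5-21-1111-2222-3333-512", "S-1-1-0" };
static const char *const WITH_ALIAS[] = { "S-1-5-21-1111-2222-3333-500",
    "S-1-5-21-1111-2222-3333-512", "S-1-1-0", BUILTIN_ADMINS };

int main(void)
{
    printf("domain-only token passes: %d\n", token_has_sid(BUILTIN_ADMINS, DOMAIN_ONLY, 3));
    printf("token with alias passes:  %d\n", token_has_sid(BUILTIN_ADMINS, WITH_ALIAS, 4));
    return 0;
}
```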