Gerald (Jerry) Carter wrote:

Dmitry Melekhov wrote:

| I just checked latest svn with
| svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE
| samba-SAMBA_3_0_RELEASE
|
| And I still have the same problem.
|
| net -S dm -U root rpc rights grant 'TEST\dm' SeMachineAccountPrivilege
| Password:
| Failed to grant privileges for TEST\dm (NT_STATUS_ACCESS_DENIED)
|
| log.smb is attached...



Can you send me your smb.conf, the output from `id dm`, the output from 'net groupmap list', and the output from 'net getlocalsid'?


I found a reason.
Problem is that I created tdbsam from smbpasswd using pdbedit.
Now I tried to reproduce this and here is pdbedit output:

Processing account root
tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID
pdb_getsampwent



And then I can't modify or add the root account, with the same result:

tdb_update_sam: Failing to store a SAM_ACCOUNT for [root] without a primary group RID


This problem appears only if a groupmap to a unixgroup exists:

./net groupmap list

Domain Admins (S-1-5-21-2314933419-357499204-1604414191-512) -> root


If I delete this mapping then I can add the root account:

Domain Admins (S-1-5-21-1953428550-3027608681-49554636-512) -> -1

Unix username:        root
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1953428550-3027608681-49554636-1000
Primary Group SID:    S-1-5-21-1953428550-3027608681-49554636-1001
Full Name:            root
Home Directory:       \\dm\root
HomeDir Drive:
Logon Script:
Profile Path:         \\dm\root\profile
Domain:               TEST
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Sun, 07 Feb 2106 10:28:15 GMT
Kickoff time:         Sun, 07 Feb 2106 10:28:15 GMT
Password last set:    Mon, 07 Feb 2005 11:25:49 GMT
Password can change:  Mon, 07 Feb 2005 11:25:49 GMT
Password must change: Sun, 07 Feb 2106 10:28:15 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


Looks like this problem appears if any groupmapping exists.


Then if I add the group mapping, all works:

[EMAIL PROTECTED] bin]# ./net groupmap modify sid=S-1-5-21-1953428550-3027608681-49554636-512 unixgroup=root
Updated mapping entry for Domain Admins
[EMAIL PROTECTED] bin]# ./net rpc rights grant 'TEST\dm' SePrintOperatorPrivilege
Password:
Successfully granted rights.



All this is for 3.0.11.

Looks like this is a problem with tdbsam...

I don't know how I created the root user in tdbsam before.

