Robert Schetterer
2005-Nov-02 13:13 UTC
[Samba] usrmgr keeps user in domain admins group / bug ?
Hi everybody, i have discovered following problem. System suse 9.2 pdc samba 3.0.20b ldap. a system user which was in the group Domain Admins ( as secondary group of course ) , cannot be removed from the group, by usrmgr ( in real ldap the user gets deleted ! ) If the user account gets deleted completly and recreated it is shown again in the domain admins group.( which isnt so in ldap ) This seems to me as bug with usrmgr, which seem not to forget having a user in Domain Admins Group. ( guessing about some caching? ) restarting smb nmb does not fix this. There is no failure of function if i browse the delete and add accts with a ldap browser. Best Regards
Robert Schetterer
2005-Nov-02 22:03 UTC
[Samba] usrmgr keeps user in domain admins group / bug ? solved
Hi @ll, the problem is linked to the david software specially to the david admin david admin puts some reg key to the windows client which is used to view the david services from the windows client on the smb server. This is done via ssh, so here seems to be the problem when the user changes out from the domain admins group, cause the ssh connect is still done by the old ssh account, so there are two connects to the smb pdc ( smb, ssh ) with differnet accounts. This seems to force usrmgr to show the user staying in the domain admins group , while this isnt true in ldap anymore. After fixing the reg key to the right user account , showing of david services in the david admin works again , and usrmgr shows the right group entries again ( a reboot was done too ), so the failure went away. I am not 100 % sure about this fix but the failure was solved. Best Regards Robert Schetterer schrieb:> Hi everybody, > i have discovered following problem. > System suse 9.2 pdc samba 3.0.20b ldap. > a system user which was in the group Domain Admins ( as secondary > group of course ) , cannot be removed from the group, by usrmgr ( in > real ldap the user gets deleted ! ) > If the user account gets deleted completly and recreated it is shown > again in the domain admins group.( which isnt so in ldap ) > This seems to me as bug with usrmgr, which seem not to forget having a > user in Domain Admins Group. ( guessing about some caching? ) > restarting smb nmb does not fix this. > There is no failure of function if i browse the delete and add accts > with a ldap browser. > Best Regards