Lou Gascou
2007-Aug-24 09:26 UTC
[Samba] net user ... /add /domain does not work with samba ?
Hello, I try to use the windows command "net use ... /add /domain" without success from Xp or Vista. I would realy appreciate to use this command from windows since usrmgr.exe seems not working on Vista and our accounts managers are not allowed to access Samba servers. Is it possible ? Thank you for your help. LG Here under is the network flow shown by Wireshark ... SamrConnect5 request, \\MYPDC SamrConnect5 response STATUS_SUCCESS SamrEnumerateDomainsInSamServer request (\\MYPDC) SamrEnumerateDomainsInSamServer response STATUS_SUCCESS SamrLookupDomainsInSamServer request (\\MYPDC) SamrLookupDomainsInSamServer response STATUS_SUCCESS SamrOpenDomain request (S-1-5-21-...) SamrOpenDomain response STATUS_SUCCESS SamrCreateUser2InDomain request (myuser, access ctrl=0x00000010,access mask=0xe00500b0) SamrCreateUser2InDomain response STATUS_SUCCESS At this point the user might be created on the PDC but the conversation is not closed and the net command from windows queries the PDC. SamrQueryInformationUser request (Policy handle: createuser2 handle) SamrQueryInformationUser response STATUS_SUCCESS SamrGetUserDomainPasswordInformation request (Policy handle: createuser2 handle) SamrGetUserDomainPasswordInformation response STATUS_SUCCESS Then the command tries to set some information on the PDC accounts db. SamrSetInformationUser2 request (a lot of user infos) SamrSetInformationUser2 response STATUS_ACCESS_DENIED Since the windows net command is not happy to not be able to set the lot of user infos in account db it deletes the just created account on the PDC. SamrDeleteUser request (Policy handle: createuser2 handle) SamrDeleteUser response STATUS_SUCCESS I also debugged the network flow while using Samba "net rpc user add" command from another machine in the network. It showed a conversation looking ending at the first part of the windows one. The one difference is that Samba uses SamrConnect2 in place of SamrConnect5.
Lou Gascou
2007-Aug-24 09:33 UTC
[Samba] Re: net user ... /add /domain does not work with samba ?
Lou Gascou a ?crit :> Hello, > > I try to use the windows command "net use ... /add /domain" without > success from Xp or Vista. > > I would realy appreciate to use this command from windows since > usrmgr.exe seems not working on Vista and our accounts managers are not > allowed to access Samba servers. >Sorry but I omited to write that I use Samba 3.0.25c with smbpasswd password backend.> Is it possible ? > Thank you for your help. > > LG > > > Here under is the network flow shown by Wireshark > > ... > SamrConnect5 request, \\MYPDC > SamrConnect5 response STATUS_SUCCESS > SamrEnumerateDomainsInSamServer request (\\MYPDC) > SamrEnumerateDomainsInSamServer response STATUS_SUCCESS > SamrLookupDomainsInSamServer request (\\MYPDC) > SamrLookupDomainsInSamServer response STATUS_SUCCESS > SamrOpenDomain request (S-1-5-21-...) > SamrOpenDomain response STATUS_SUCCESS > SamrCreateUser2InDomain request (myuser, access ctrl=0x00000010,access > mask=0xe00500b0) > SamrCreateUser2InDomain response STATUS_SUCCESS > > At this point the user might be created on the PDC > but the conversation is not closed and the net command > from windows queries the PDC. > > SamrQueryInformationUser request (Policy handle: createuser2 handle) > SamrQueryInformationUser response STATUS_SUCCESS > SamrGetUserDomainPasswordInformation request (Policy handle: createuser2 > handle) > SamrGetUserDomainPasswordInformation response STATUS_SUCCESS > > Then the command tries to set some information on the > PDC accounts db. > > SamrSetInformationUser2 request (a lot of user infos) > SamrSetInformationUser2 response STATUS_ACCESS_DENIED > > Since the windows net command is not happy to not be able to set the lot > of user infos in account db it deletes the just created account on the PDC. > > SamrDeleteUser request (Policy handle: createuser2 handle) > SamrDeleteUser response STATUS_SUCCESS > > > I also debugged the network flow while using Samba "net rpc user add" > command from another machine in the network. It showed a conversation > looking ending at the first part of the windows one. The one difference > is that Samba uses SamrConnect2 in place of SamrConnect5. > > > >