SA_RIGHT_USER_ACCT_FLAGS_EXPIRY, which I am in the process of trying to find out the semantics of. The source code apparently makes no reference to it in any way to elucidate its meaning. At this point I don't have much insight, the involved flags are things such as #define SA_RIGHT_USER_ACCT_FLAGS_EXPIRY 0x00000010 #define SA_RIGHT_USER_SET_ATTRIBUTES 0x00000020 #define SA_RIGHT_USER_CHANGE_PASSWORD 0x00000040 #define SA_RIGHT_USER_SET_PASSWORD 0x00000080 and the granted security of 0xd04e4 seems unrelated and invariant with any of the permissions exposed to the user (SeMachineAccountPrivilege, etc.). On Thu, Oct 1, 2009 at 1:06 PM, Nick Pappin <npappin at latahfcu.org> wrote:> On Tue, Sep 29, 2009 at 5:04 PM, m <maglyx at gmail.com> wrote: >> >> I am pulling my hair out trying to figure out why trying to rename my >> computer joined to a Samba domain (version 3.2.3) keeps failing with >> "Access is Denied". In searching I found references to people with the >> same problem where the answer was to set the "rename user script" >> option in smb.conf, but I have done that (not forgetting to restart >> Samba) and there is no difference, still the same error. >> >> My account permissions are set (making my account a member of a group >> mapped to the Administrators group, as well as individually >> individually granting =A0SeMachineAccountPrivilege and >> SeAddUsersPrivilege). I added the same machine to the domain through >> the Windows GUI and I can successfully issue a rename from the Samba >> server-side, as in >> =A0$ net rpc user rename fog$ hog$ >> =A0Enter m's password: >> =A0Renamed user from fog$ to hog$ >> but attempting via the Windows GUI, System Properties|Computer >> Name|Change... keeps failing with the "Access Is Denied" message box. >> >> Any clue what else could be missing or how to diagnose. I tried "log >> level =3D 3" but found the output to be virtually indecipherable, no >> obvious way to correlate any output with the rename operation in >> question. >> >> To be sure, my rename user scipt line is >> =A0rename user script =3D /usr/sbin/usermod --login=3D'%unew' '%uold' >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: =A0https://lists.samba.org/mailman/options/samba > > Are you still having the problem? If so can you try to do a rename from My > Computer -> Properties and pastebin the /var/log/samba/log.smbd file for the > five minutes around when you do it. And can you pastebin your smb.conf. > > Nick >