Re: [Samba] samba-3 problem joining ws to domain
Hi, This was a limitation in samba 3.0.x up until 3.0.11-pre1. Only the user mapped to root was able to join machines to a samba-domain. In the latest version (samba-3.0.11-rc1) there have been added some rights to allow joining of machines for other users. have a look at http://samba.org/~jerry/Samba-Rights-HOWTO this link was posted from Jerry Carter to document the new features 7 Days ago. Hope it helps Christoph cj schrieb: G'day Rauno, Just wondering if you ever found a solution to your problem (http://lists.samba.org/archive/samba/2003-September/073997.html) regarding Windows 2K workstations joining a Samba3 domain. I seem to be experiencing the same problems - with the access denied message. Any ideas would be most appreciated. Regards Corey Johnston. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3 problem joining ws to domain
Christoph Thank you so much for pointing this out to me - it will save me from ripping more of my hair out! I must have missed this info in the howto - I had assumed it was just another problem I was experiencing because I was using Sun Directory Server and not OpenLDAP as the backend. Thanks again Corey. Christoph Scheeder wrote: Hi, This was a limitation in samba 3.0.x up until 3.0.11-pre1. Only the user mapped to root was able to join machines to a samba-domain. In the latest version (samba-3.0.11-rc1) there have been added some rights to allow joining of machines for other users. have a look at http://samba.org/~jerry/Samba-Rights-HOWTO this link was posted from Jerry Carter to document the new features 7 Days ago. Hope it helps Christoph cj schrieb: G'day Rauno, Just wondering if you ever found a solution to your problem (http://lists.samba.org/archive/samba/2003-September/073997.html) regarding Windows 2K workstations joining a Samba3 domain. I seem to be experiencing the same problems - with the access denied message. Any ideas would be most appreciated. Regards Corey Johnston. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3 problem joining ws to domain
G'day Rauno, Just wondering if you ever found a solution to your problem (http://lists.samba.org/archive/samba/2003-September/073997.html) regarding Windows 2K workstations joining a Samba3 domain. I seem to be experiencing the same problems - with the access denied message. Any ideas would be most appreciated. Regards Corey Johnston. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3 problem joining ws to domain
Hey Rauno, I have the same problem with my samba as you had login in with a Win2k into samba. I was looking for an answer but don't find any. Did you solve the problem? And if you did how did you do it? It would be a great help for me to set up my samba domain. I feel i'm getting close to login with my windows 2k. Thanks Wim Moons [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 24 of length 140 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=52 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 1080 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 25 of length 174 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=86 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540) Returning domain sid for domain TESTVGC.WIM - S-1-5-21-1500465781-2286450115-1798819339 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 22 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 26 of length 164 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=76 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/12/11 12:10:37, 3] lib/util_seaccess.c:se_access_check(267) [2003/12/11 12:10:37, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-1500465781-2286450115-1798819339-1000 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-2025 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-1201 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-512 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-513 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 27 of length 176 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=88 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_CREATE_USER [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 18 this is a part of the log file taken at debug level 3 _ Volg Expeditie Robinson op de voet! http://entertainment.msn.be/tv/expeditierobinson/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3 problem joining ws to domain
Did you change the ip of the server after setting up the domain? I know if you do so you have to delete the contents of the lock-dir. BUT DO NOT DELETE secrets.tdb, because this one includes the domain-SID. If you delete this file a new Domain-SID will be generated and you have to put all win2k/xp Clients new into the new domain! So, be careful! On 11 Dec 2003 at 10:41, Wim Moons wrote: Hey Rauno, I have the same problem with my samba as you had login in with a Win2k into samba. I was looking for an answer but don't find any. Did you solve the problem? And if you did how did you do it? It would be a great help for me to set up my samba domain. I feel i'm getting close to login with my windows 2k. Thanks Wim Moons [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 24 of length 140 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=52 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 1080 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 25 of length 174 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=86 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540) Returning domain sid for domain TESTVGC.WIM - S-1-5-21-1500465781-2286450115-1798819339 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 22 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 26 of length 164 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=76 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/12/11 12:10:37, 3] lib/util_seaccess.c:se_access_check(267) [2003/12/11 12:10:37, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-1500465781-2286450115-1798819339-1000 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-2025 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-1201 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-512 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-513 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 27 of length 176 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=88 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_CREATE_USER [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
Re: [Samba] samba-3 problem joining ws to domain
No the ip server is still the same as in the beginning so that should not be the problem. I didn't delete the secrets.tdb neither. Wim Moons From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Samba] samba-3 problem joining ws to domain Date: Thu, 11 Dec 2003 15:25:37 +0100 Did you change the ip of the server after setting up the domain? I know if you do so you have to delete the contents of the lock-dir. BUT DO NOT DELETE secrets.tdb, because this one includes the domain-SID. If you delete this file a new Domain-SID will be generated and you have to put all win2k/xp Clients new into the new domain! So, be careful! On 11 Dec 2003 at 10:41, Wim Moons wrote: Hey Rauno, I have the same problem with my samba as you had login in with a Win2k into samba. I was looking for an answer but don't find any. Did you solve the problem? And if you did how did you do it? It would be a great help for me to set up my samba domain. I feel i'm getting close to login with my windows 2k. Thanks Wim Moons [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 24 of length 140 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=52 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_ENUM_DOMAINS [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 1080 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 25 of length 174 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=86 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_LOOKUP_DOMAIN [2003/12/11 12:10:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2540) Returning domain sid for domain TESTVGC.WIM - S-1-5-21-1500465781-2286450115-1798819339 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 22 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 26 of length 164 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=76 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/12/11 12:10:37, 3] lib/util_seaccess.c:se_access_check(267) [2003/12/11 12:10:37, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-1500465781-2286450115-1798819339-1000 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-2025 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-1201 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-512 se_access_check: also S-1-5-21-1500465781-2286450115-1798819339-513 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/12/11 12:10:37, 3] smbd/process.c:process_smb(890) Transaction 27 of length 176 [2003/12/11 12:10:37, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 23925) [2003/12/11 12:10:37, 3] smbd/ipc.c:reply_trans(514) trans \PIPE\ data=88 params=0 setup=2 [2003/12/11 12:10:37, 3] smbd/ipc.c:named_pipe(326) named pipe command on name [2003/12/11 12:10:37, 3] smbd/ipc.c:api_fd_reply(288) Got API command 0x26 on pipe samr (pnum 75db)free_pipe_context: destroying talloc pool of size 0 [2003/12/11 12:10:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc
[Samba] samba-3 problem joining ws to domain
Howdi, I can't add a w2k workstation to samba3 domain with my username. If I add my username to admin users list, then I can add the box to domain (but overritten by euid). My goal is, that joining domain can be done without using admin users option. Groupmapping is done and works. When machine is in domain and log in, I get full admin rights on that box. Removing the box from domain works anytime. Error message in windows is: Logon failure: invalid user name or bad password. In log files (debuglevel 10) appear such lines: ... [2003/09/11 18:09:33, 5] lib/util_seaccess.c:se_access_check(331) se_access_check: access (211) denied. [2003/09/11 18:09:33, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) ... [2003/09/11 18:09:33, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_create_user: access check ((granted: 0x0201; required: 0x0010) [2003/09/11 18:09:33, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) ... When user is admin users list, then happens this... _samr_open_domain: ACCESS should be DENIED (requested: 0x0211) but overritten by euid == sec_initial_uid() ... after that, access is granted. Whats wrong? Could someone please say, what is wrong with my setup? # smb.conf passdb backend = ldapsam:ldaps://alfa.sf.lan, guest delete user script = /usr/local/sbin/smbldap-userdel.pl %u add group script = /usr/local/sbin/smbldap-groupadd.pl %g add machine script = /usr/local/sbin/smbldap-computeradd.pl %u ldap suffix = dc=ehk,dc=lan ldap machine suffix = ou=Computers,dc=ehk,dc=lan,dc=ehk,dc=lan ldap user suffix = ou=Users,dc=ehk,dc=lan,dc=ehk,dc=lan ldap admin dn = cn=Manager,dc=ehk,dc=lan force user = %U force group = users # Unix username:khk_rauno.tuul User SID: S-1-5-21-1347305728-752463190-2852647101-3000 Primary Group SID:S-1-5-21-1347305728-752463190-2852647101-1443 # net groupmap list Domain Users (S-1-5-21-1347305728-752463190-2852647101-513) - domain_users Users (S-1-5-21-1347305728-752463190-2852647101-1443) - users Domain Admins (S-1-5-21-1347305728-752463190-2852647101-512) - domain_admins Administrators (S-1-5-21-1347305728-752463190-2852647101-1441) - administrators # domain_admins:x:200:khk_rauno.tuul domain_users:x:201:khk_rauno.tuul administrators:x:220:khk_rauno.tuul users:x:221: (these groups are stored in LDAP). I attached also 2 log files with those messages. Best regards, - Rauno Tuul - ... [2003/09/11 18:09:33, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_open_domain: access check ((granted: 0x0030; required: 0x0020) [2003/09/11 18:09:33, 10] lib/util_seaccess.c:se_access_check(250) se_access_check: requested access 0x0211, for NT token with 15 entries and first sid S-1-5-21-1347305728-752463190-2852647101-3000. [2003/09/11 18:09:33, 3] lib/util_seaccess.c:se_access_check(267) [2003/09/11 18:09:33, 3] lib/util_seaccess.c:se_access_check(268) se_access_check: user sid is S-1-5-21-1347305728-752463190-2852647101-3000 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1443 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1427 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1431 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-513 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1447 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1449 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1451 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1407 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1409 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-512 se_access_check: also S-1-5-21-1347305728-752463190-2852647101-1441 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 20385, current desired = 211 se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-32-544 mask = f07ff, current desired = 10 se_access_check: ACE 2: type 0, flags = 0x00, SID = S-1-5-32-548 mask = f07ff, current desired = 10 [2003/09/11 18:09:33, 5] lib/util_seaccess.c:se_access_check(331) se_access_check: access (211) denied. [2003/09/11 18:09:33, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) ... [2003/09/11 18:09:33, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(106) _samr_create_user: access check ((granted: 0x0201; required: 0x0010) [2003/09/11 18:09:33, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010)