diff options
author | Volker Lendecke <vl@samba.org> | 2009-02-03 14:41:49 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-02-03 17:10:07 +0100 |
commit | f39371e3acc476397898a30f3bf3dac9d34fbb53 (patch) | |
tree | 2e171da27bd0b6b704017c33e370ffa1ff453770 | |
parent | 565bbfc5446c73de3f08ced5be07442f2732d6ce (diff) | |
download | samba-3.2.8.tar.gz |
s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.samba-3.2.8
This used to be commit fda8abac in master.
(cherry picked from commit 8ddb30ca90d31624ba86cd731f573aedad43face)
-rw-r--r-- | source/libnet/libnet_join.c | 7 | ||||
-rw-r--r-- | source/utils/net_rpc_join.c | 7 |
2 files changed, 10 insertions, 4 deletions
diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c index e7302b43f3e..c13ac9b769e 100644 --- a/source/libnet/libnet_join.c +++ b/source/libnet/libnet_join.c @@ -761,7 +761,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, pipe_hnd->cli->desthost, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_ACCESS_ENUM_DOMAINS + | SAMR_ACCESS_OPEN_DOMAIN, &sam_pol); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -769,7 +770,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 + | SAMR_DOMAIN_ACCESS_CREATE_USER + | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, r->out.domain_sid, &domain_pol); if (!NT_STATUS_IS_OK(status)) { diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c index b9d7d594fe3..0e8f47be637 100644 --- a/source/utils/net_rpc_join.c +++ b/source/utils/net_rpc_join.c @@ -239,14 +239,17 @@ int net_rpc_join_newstyle(int argc, const char **argv) CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx, pipe_hnd->cli->desthost, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_ACCESS_ENUM_DOMAINS + | SAMR_ACCESS_OPEN_DOMAIN, &sam_pol), "could not connect to SAM database"); CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 + | SAMR_DOMAIN_ACCESS_CREATE_USER + | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT, domain_sid, &domain_pol), "could not open domain"); |