From 8eebd925b26c4592eba1773a94379f891ead6144 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 1 Aug 2006 14:46:08 +0000 Subject: r17364: Another NT4 join bug: The idealx tools set the primary group sid, and if we do an update_sam_account later on, we want to also set it using the delete/add method. As the idealx tools use the replace method, they don't care about what has been in there before. Jerry, this is a likely 3.0.23b candidate. Not merging, it's your call :-) Volker (This used to be commit f002a3633892fc040f0a6d076723c660bb82a41a) --- source3/rpc_server/srv_samr_nt.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'source3/rpc_server/srv_samr_nt.c') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index bb5e7dbce4..ec3630ec26 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3338,13 +3338,20 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25, copy_id25_to_sam_passwd(pwd, id25); + /* write the change out */ + if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { + TALLOC_FREE(pwd); + return status; + } + /* - * The funny part about the previous two calls is - * that pwd still has the password hashes from the - * passdb entry. These have not been updated from - * id21. I don't know if they need to be set. --jerry + * We need to "pdb_update_sam_account" before the unix primary group + * is set, because the idealx scripts would also change the + * sambaPrimaryGroupSid using the ldap replace method. pdb_ldap uses + * the delete explicit / add explicit, which would then fail to find + * the previous primaryGroupSid value. */ - + if ( IS_SAM_CHANGED(pwd, PDB_GROUPSID) ) { status = pdb_set_unix_primary_group(mem_ctx, pwd); if ( !NT_STATUS_IS_OK(status) ) { @@ -3352,16 +3359,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, SAM_USER_INFO_25 *id25, } } - /* Don't worry about writing out the user account since the - primary group SID is generated solely from the user's Unix - primary group. */ - - /* write the change out */ - if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); - return status; - } - /* WARNING: No TALLOC_FREE(pwd), we are about to set the password * hereafter! */ -- cgit