[Samba] roaming profiles and Documents and setting with non-standard Windows 2k3 administrator RID.....

Robert Steinmetz AIA rob at steinmetznet.com
Wed Jan 27 23:26:34 MST 2010


I just tried that on my network.
I think the correct command is "net rpc rights grant",
which seemed to work on the DC.
But although getent and wbinfo work, I didn't get any of the domain users
with this command. Shouldn't they be listed?

John H Terpstra wrote:
> On 01/27/2010 08:29 PM, Daniel R. Gore wrote:
>    
>> Because of the extremely restrictive security environment we work under,
>> our Windows Admins have disabled the administrator account on our Domain
>> and created a new account with administrator rights.  The result is that
>> the common RID of 500 which maps to the Linux UID and GID of 500 is no
>> longer valid.  This means that when the Windows Domain controller, via
>> the Domain Administrator (which has another name and RID) tries to make
>> an account on the samba share where the profiles are intended for, it
>> fails because Samba expects this to come from the well known RID of
>> 500.
>>
>> Is there any way to specify in Samba what RID number to expect and use
>> for Domain Administration  management?
>>
>> Thanks.
>>
>> Dan
>>      
> Dan,
>
> You can assign suitable rights and privileges using the "net" utility as
> follows:
>
> net rpc grant rights "DOMAIN\Group Name" SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege SeBackupPrivilege SeRestorePrivilege
> SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege
> SeDiskOperatorPrivilege -Uadministrator%password
>
> When correctly processed for domain group "Whatchamacallit" you will get
> something that looks like this:
>
> net rpc rights list accounts -Uwinadmin%n3v3rgessit
> BUILTIN\Print Operators
> No privileges assigned
>
> BUILTIN\Account Operators
> No privileges assigned
>
> BUILTIN\Backup Operators
> No privileges assigned
>
> BUILTIN\Server Operators
> No privileges assigned
>
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
> Everyone
> No privileges assigned
> URDOMAIN\Whatchamacallit
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
>
>
> Yell if you need more help.
>
> Cheers,
> John T.
>    


-- 
Robert Steinmetz, AIA
Principal
Steinmetz & Associates
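
The following is an added example, not part of the original thread or of Samba itself: a small Python parser for the `net rpc rights list accounts` output format quoted above, used to check that a group holds the rights it was granted and to list any other accounts that hold rights. The sample text is constructed in the quoted format (including an account that follows the previous entry without a blank line), and the function names are hypothetical.

```python
import re

# Constructed sample in the format quoted in the thread. As in the quoted
# output, the last account follows "Everyone" without a blank separator.
SAMPLE = """\
BUILTIN\\Print Operators
No privileges assigned

BUILTIN\\Administrators
SeMachineAccountPrivilege
SeDiskOperatorPrivilege

Everyone
No privileges assigned
URDOMAIN\\Whatchamacallit
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeDiskOperatorPrivilege
"""

PRIV = re.compile(r"^Se[A-Za-z]+Privilege$")

def parse_rights(text):
    """Map each account name to the set of privileges listed under it."""
    rights, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "No privileges assigned":
            continue
        if PRIV.match(line):
            if current is None:
                raise ValueError("privilege listed before any account: " + line)
            rights[current].add(line)
        else:
            # Anything else starts a new account entry; blank lines are
            # not relied on as separators.
            current = line
            rights.setdefault(current, set())
    return rights

def missing_rights(rights, account, required):
    """Privileges in `required` that `account` lacks (name match ignores case)."""
    held = next((p for a, p in rights.items() if a.lower() == account.lower()), set())
    return set(required) - held

def unexpected_holders(rights, allowed):
    """Accounts holding at least one privilege that are not in `allowed`."""
    allowed = {a.lower() for a in allowed}
    return sorted(a for a, p in rights.items() if p and a.lower() not in allowed)
```

Feed it the captured output of the list command and compare against the set of rights the replacement administrator group is supposed to hold.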

