[Samba] Member Server SeDiskOperatorPrivilege
Rowland Penny
rowlandpenny at googlemail.com
Fri Jan 9 08:29:39 MST 2015
On 09/01/15 15:19, Tim wrote:
> I switched to rid module of idmapping and now winbind offers all
> groups and I can set SeDiskOperatorPrivilege.
>
> getent group and getent passwd are now working!
>
>
>
> Am 9. Januar 2015 15:21:32 MEZ, schrieb Rowland Penny
> <rowlandpenny at googlemail.com>:
>
> On 09/01/15 13:47, Tim wrote:
>
> Hello all, I have a AD DC based on CentOS7 with sernet samba
> 4.1.14 with rfc2307 and function level 2008_R2. This one works
> so far and I can manage the AD from a windows client. Now I
> setup a member server based on CentOS7 with sernet samba
> 4.1.14 just like the wiki advises with the same smb.conf
> (realm etc is configured to my needs. I joined the AD and
> configured nsswitch. wbinfo works so far but getent passwd or
> getent group doesn't list domain objects. getent group
> testgroup1 works, but getent passwd testuser1 does not. I
> created a share in smb.conf. Now I want to set the
> SeDiskOperatorPrivilege like the wiki advises. But it doesn't
> work. It says that it can't connect to server 127.0.0.1
> <http://127.0.0.1>. I tried it with net rpc rights grant
> 'DOM\Domain Admins' SeDiskOperatorPrivilege
> -U'DOM\administrator' Now I can not access the server from
> windows to set share permissions. What to do? The wiki told
> nothing about kerberos so I did not do anything to it. Thanks
> in advance
>
>
> Hi, you appear to be the second person in two days having a similar, if
> not the same problem with the sernet packages. I don't think it is a
> kerberos problem, can you check if you have 'libnss_winbind.so <http://winbind.so>.2' anywhere.
>
> Rowland
>
I take it from this, that you do not have any uidNumber or gidNumber
attributes in AD.
Rowland
More information about the samba
mailing list