[Samba] no access to share permission on a domain member

[MARTIN boris]

hi all , i have a domain server with a test share on it.

But i can't find the way to manage it via windows.

when i try to modify something on the share permission part, i get a access deny error.

if i put the server in debug mod i get 

_srvsvc_NetShareSetInfo: uid 10001 doesn't have the SeDiskOperatorPrivilege privilege needed to modify share demoshare

uid 10001 being the uid of the administrator of the AD

but if i do :

wbinfo -i administrator
administrator:*:10001:20000:Administrator:/home/Administrator:/bin/sh
getent passwd | grep 10001
administrator:*:10001:20000:Administrator:/home/Administrator:/bin/sh

net rpc rights list administrator -U 'XXXX\administrator' -I 'xxxx.bla.fr'

i get :

SeDiskOperatorPrivilege

I have successfuly fix my trouble with this line :

username map = /etc/samba/user.map

that i have add to my smb.conf file with user map having the single line

!root = XXXX\Administrator XXXX\administrator

and doing the following command line :

net rpc rights grant 'XXXX\Domain Admins' SeDiskOperatorPrivilege -U'administrator'

so i have one question :

1) first is the SeDiskOperatorPrivilege a AD range flag, or a server range flag ?

And a call to help cause i have reach the end of my own knowledge on samba.

2) why do i need to play with user.map when to my point of view winbind is supposed to do the job

3) is there a way to make thing working without playing with the username map command



thanks for your help.