[Samba] no access to share permission on a domain member
MARTIN boris
martin-boris at wanadoo.fr
Fri Oct 23 09:03:15 UTC 2015
hi all , i have a domain server with a test share on it.
But i can't find the way to manage it via windows.
when i try to modify something on the share permission part, i get a access deny error.
if i put the server in debug mod i get
_srvsvc_NetShareSetInfo: uid 10001 doesn't have the SeDiskOperatorPrivilege privilege needed to modify share demoshare
uid 10001 being the uid of the administrator of the AD
but if i do :
wbinfo -i administrator
administrator:*:10001:20000:Administrator:/home/Administrator:/bin/sh
getent passwd | grep 10001
administrator:*:10001:20000:Administrator:/home/Administrator:/bin/sh
net rpc rights list administrator -U 'XXXX\administrator' -I 'xxxx.bla.fr'
i get :
SeDiskOperatorPrivilege
I have successfuly fix my trouble with this line :
username map = /etc/samba/user.map
that i have add to my smb.conf file with user map having the single line
!root = XXXX\Administrator XXXX\administrator
and doing the following command line :
net rpc rights grant 'XXXX\Domain Admins' SeDiskOperatorPrivilege -U'administrator'
so i have one question :
1) first is the SeDiskOperatorPrivilege a AD range flag, or a server range flag ?
And a call to help cause i have reach the end of my own knowledge on samba.
2) why do i need to play with user.map when to my point of view winbind is supposed to do the job
3) is there a way to make thing working without playing with the username map command
thanks for your help.
More information about the samba
mailing list