[Samba] Few questions about members

L.P.H. van Belle belle at bazuin.nl
Fri Jun 6 07:52:51 MDT 2014 

Did you set the privileges on the member server. 

here you have them..  if you get a denied when attempting to apply them. 
add the file /etc/samba/samba_usermapping
!root = YOURDOMAIN\Administrator YOURDOMAIN\administrator

If you Administrator is not "Administrator, then change that in the above line or add them also.

and in smb.conf
   username map = /etc/samba/samba_usermapping

reload samba
and run : 

SETNTPASSWD="YourAdministratorPassword" 

echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDiskOperatorPrivilege -UAdministrator 
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeTakeOwnershipPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeBackupPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeRestorePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeRemoteShutdownPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SePrintOperatorPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeAddUsersPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDiskOperatorPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSecurityPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemtimePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeShutdownPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeDebugPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemEnvironmentPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeSystemProfilePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeProfileSingleProcessPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeIncreaseBasePriorityPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeLoadDriverPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeCreatePagefilePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeIncreaseQuotaPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeChangeNotifyPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeUndockPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeManageVolumePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeImpersonatePrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeCreateGlobalPrivilege -UAdministrator
echo ${SETNTPASSWD}| net rpc rights grant "${SETNTDOM}\Domain Admins" SeEnableDelegationPrivilege -UAdministrator

Greetz, 

Louis

 

>-----Oorspronkelijk bericht-----
>Van: campbell at cnpapers.com 
>[mailto:samba-bounces at lists.samba.org] Namens Steve Campbell
>Verzonden: vrijdag 6 juni 2014 15:09
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Few questions about members
>
>
>On 6/6/2014 8:47 AM, steve wrote:
>> On Fri, 2014-06-06 at 08:35 -0400, Steve Campbell wrote:
>>> On 6/5/2014 4:54 PM, steve wrote:
>>>> On Thu, 2014-06-05 at 15:58 -0400, Steve Campbell wrote:
>>>>
>>>>>> /etc/hostname
>>>>> No such file
>>>> create it with:
>>>> storage.ts.mystuff.com
>>>>
>>>> hostname -d
>>>>
>>>> Now try to read the shares.
>>>>
>>>>
>>> Still no luck. Permission denied. Error code 5 in Microsoft
>>> Administration tools.
>>>
>>> steve
>> How are you accessing the shares? Is the ws also joined to 
>the domain?
>> hostname -d
>> ?
>>
>>
>Yes the ws is in the domain. We're trying to use the Microsoft Active 
>Directory Manager for XP. We can see the member server in the 
>Users and 
>Computers. When we attempt to "manage" it, we're asked for a password 
>and then we get permission denied, error code 5.
>
>steve
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list