[Samba] SeDiskOperatorPrivilege - NT_STATUS_NO_SUCH_PRIVILEGE

mathias dufresne infractory at gmail.com
Thu Oct 1 13:07:37 UTC 2015


As far as I understood this privilege is available only for domains which
are Active Directory domains.
As you are using Samba 3.6 you shouldn't have AD domain but NT4 domain.

2015-10-01 14:49 GMT+02:00 Steffen Weißgerber <steffen at weiszgerber.de>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Am 28.09.2015 um 13:22 schrieb Rowland Penny:
> > On 28/09/15 11:30, Steffen Weißgerber wrote:
> > Hello,
> >
> > after configuring kerberos and winbind for authentication against an A
> D
> > (Window 2008 R2) and succesful launching getent passwd I followed the
> > instructions https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> > for granting the SeDiskOperatorPrivilege.
> > But I get a failure with a NT_STATUS_NO_SUCH_PRIVILEGE error.
> >
> > net rpc rights list accounts -U'<Domain>\Administrator' -I<AD-host>
> > does not list the SeDiskOperatorPrivilege.
> >
> > Why this is missing?
> >
> > Nevertheless creating directories and granting access to these to
> > other AD accounts works well.
> >
> > The global section of my smb.conf is as follows:
> >
> > [global]
> >     workgroup = DKDB
> >     server string = Samba Test
> >     security = ads
> >     realm = DKDB.KN
> >     winbind use default domain = yes
> >     winbind refresh tickets = yes
> >     max protocol = SMB2
> >     hide unreadable = yes
> >     idmap config * : backend = rid
> >     idmap config * : range = 10000-20000
> >     #syslog only = yes
> >     disable netbios = yes
> >     log file = /var/log/samba/log.%m
> >     log level = 3
> >     max log size = 50
> >     vfs objects = acl_xattr
> >     map acl inherit = Yes
> >     store dos attributes = Yes
> >
> > Thanks
> >
> > Steffen
> >>
> >
> > I don't know if this is your problem, but you seem to have incorrect
> > 'idmap config' lines, I would expect to see something like this:
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 2000-9999
> > idmap config DKDB : backend = rid
> > idmap config DKDB : range = 10000-20000
> >
> > Rowland
> >
> >
>
> Hi,
>
> I changed the global section to
>
>    idmap config * : backend = tdb
>    idmap config * : range = 2000-9999
>    idmap config DKDB : backend = rid
>    idmap config DKDB : range = 10000-20000
>
> and restartet samba (smbd, sinbind). But that did not change anything.
> Is the samba version I use (3.6.25) relevant for this?
>
> Regards
>
> Steffen
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iEYEARECAAYFAlYNK9IACgkQCrEAdFsLhMeJnwCg30N9EO3mQQWQ8OnELVxlljCR
> epEAoOymVJzBBK/bnTHTDyCUccve53VW
> =kcIg
> -----END PGP SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list