[Samba] SeDiskOperatorPrivilege - NT_STATUS_NO_SUCH_PRIVILEGE
mathias dufresne
infractory at gmail.com
Thu Oct 1 13:07:37 UTC 2015
As far as I understood this privilege is available only for domains which
are Active Directory domains.
As you are using Samba 3.6 you shouldn't have AD domain but NT4 domain.
2015-10-01 14:49 GMT+02:00 Steffen Weißgerber <steffen at weiszgerber.de>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Am 28.09.2015 um 13:22 schrieb Rowland Penny:
> > On 28/09/15 11:30, Steffen Weißgerber wrote:
> > Hello,
> >
> > after configuring kerberos and winbind for authentication against an A
> D
> > (Window 2008 R2) and succesful launching getent passwd I followed the
> > instructions https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> > for granting the SeDiskOperatorPrivilege.
> > But I get a failure with a NT_STATUS_NO_SUCH_PRIVILEGE error.
> >
> > net rpc rights list accounts -U'<Domain>\Administrator' -I<AD-host>
> > does not list the SeDiskOperatorPrivilege.
> >
> > Why this is missing?
> >
> > Nevertheless creating directories and granting access to these to
> > other AD accounts works well.
> >
> > The global section of my smb.conf is as follows:
> >
> > [global]
> > workgroup = DKDB
> > server string = Samba Test
> > security = ads
> > realm = DKDB.KN
> > winbind use default domain = yes
> > winbind refresh tickets = yes
> > max protocol = SMB2
> > hide unreadable = yes
> > idmap config * : backend = rid
> > idmap config * : range = 10000-20000
> > #syslog only = yes
> > disable netbios = yes
> > log file = /var/log/samba/log.%m
> > log level = 3
> > max log size = 50
> > vfs objects = acl_xattr
> > map acl inherit = Yes
> > store dos attributes = Yes
> >
> > Thanks
> >
> > Steffen
> >>
> >
> > I don't know if this is your problem, but you seem to have incorrect
> > 'idmap config' lines, I would expect to see something like this:
> >
> > idmap config * : backend = tdb
> > idmap config * : range = 2000-9999
> > idmap config DKDB : backend = rid
> > idmap config DKDB : range = 10000-20000
> >
> > Rowland
> >
> >
>
> Hi,
>
> I changed the global section to
>
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config DKDB : backend = rid
> idmap config DKDB : range = 10000-20000
>
> and restartet samba (smbd, sinbind). But that did not change anything.
> Is the samba version I use (3.6.25) relevant for this?
>
> Regards
>
> Steffen
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iEYEARECAAYFAlYNK9IACgkQCrEAdFsLhMeJnwCg30N9EO3mQQWQ8OnELVxlljCR
> epEAoOymVJzBBK/bnTHTDyCUccve53VW
> =kcIg
> -----END PGP SIGNATURE-----
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list