[Samba] Can not grant SeMachineAccountPrivilege on Debian Etch

[Michael Lueck]

I am testing out Debian Etch, and ran into an issue granting SeMachineAccountPrivilege to an account... which granting that permission had been troublesome in the past.

The command I am issuing is:

net rpc rights grant LDS-DEMO\\ldsinst SeMachineAccountPrivilege

And I try running the command with an account that is a member of the "Domain Admins" group.

The command returns:
Failed to grant privileges for LDS-DEMO\ldsinst (NT_STATUS_ACCESS_DENIED)

In the past when this has failed, the "only" way to get it to work was to:
1) Stop Samba

2) rm /var/lib/samba/group_mapping.tdb

3) Start Samba

4) Rerun initGrps.sh which does...
# Map Windows Domain Groups to UNIX groups
net groupmap modify ntgroup="Domain Admins"  unixgroup=domadmin
net groupmap modify ntgroup="Domain Users"   unixgroup=domusers
net groupmap modify ntgroup="Domain Guests"  unixgroup=domguest

5) Run the "net rpc rights..." command

But not even that fixes it.

Ideas? Thanks,

-- 
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/