[Samba] Re: 3.0.24 What commands must be executed by root verses ntgroup="Domain Admins"?
Nik Conwell
nik at bu.edu
Tue May 1 17:49:51 GMT 2007
Michael Lueck <mlueck <at> lueckdatasystems.com> writes:
>
> I found the solution, or at least a workaround, for my posting: "Can not
> grant SeMachineAccountPrivilege on Debian Etch"
>
> I ended up:
> 1) ssh to Debian Etch as root
> 2) smbpasswd -a root
> 3) issue the "net rpc rights grant ..." command
> SUCCESS!!!
>
> So, that raises the question of what MUST be executed as user root versus a
> member of ntgroup="Domain Admins"?

Funny you should bring this up. I've been having the same problem but my system
is security=ADS so I can't authenticate the local root user.
From the source _lsa_add_acct_rights() is supposed to allow grant to members of
Domain Admins (RID 512) but that's apparently not working. se_access_check()
shows my account has a sid of [getlocalsid]-512 so I should be considered as a
member of Domain Admins. Time to start the debugging...
-nik
nik at bu.edu