[Samba] Print Operator Rights in AD environment

Derek Harkness dharknes at umd.umich.edu
Mon Dec 1 17:58:07 GMT 2008 

net sam addmember gives me "Adding local group member failed with  
NT_STATUS_NO_SUCH_ALIAS".

I added root to my local smbpasswd file but if I attempt to use the  
account I get NT_STATUS_LOGON_FAILURE.

More information might help.  Or it might just confuse the situation.

I am running winbind but not using nss_winbind.  This is an old Samba/ 
unix domain that I'm integrating into an existing AD domain, so I have  
all the user's posix information in ldap and have this in my smb.conf

idmap domains = ADS Domain
idmap config ADSROOT:backend = nss
idmap config ADSROOT:default = yes

Oh and to confuse the matter a bit more, the AD is setup to use pass  
thru authentication to an external kerberos realm.

Thanks,
Derek

On Dec 1, 2008, at 12:11 PM, Gerald (Jerry) Carter wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Derek Harkness wrote:
>> I am attempting to set the SePrintOperatorPrivilege right on my  
>> RHEL 5.2
>> samba server and need some guidance.  The samba box is currently  
>> joined
>> to an AD forest in which I have a delegated OU, I do not have a  
>> Domain
>> Admin account.  Samba seems to want/need an Admin account in order to
>> make changes to the server configuration such as rights.
>>
>> So the question is.  Is there away to set a local administrator  
>> account
>> or to map my AD account to a local administrator?
>
> if you are running Winbind, then add your account to
> the BUILTIN\Administrators group (net sam addmem Administrators <you>"
>
> Or you can temporarily enable a root in Samba's account db.
>
>
>
> cheers, jerry
> - --
> =====================================================================
> Samba                                    ------- http://www.samba.org
> Likewise Software          ---------  http://www.likewisesoftware.com
> "What man is a man who does not make the world better?"      --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJNBqnIR7qMdg1EfYRAtQcAJwNjbWFB93Ulhqnv8LABdKfxkwQzgCfZVK7
> 8Umn5en2HjdmEO0DsO741so=
> =S6/3
> -----END PGP SIGNATURE-----

More information about the samba mailing list