[Samba] Print Operator Rights in AD environment
Derek Harkness
dharknes at umd.umich.edu
Mon Dec 1 17:58:07 GMT 2008
net sam addmember gives me "Adding local group member failed with
NT_STATUS_NO_SUCH_ALIAS".
I added root to my local smbpasswd file but if I attempt to use the
account I get NT_STATUS_LOGON_FAILURE.
More information might help. Or it might just confuse the situation.
I am running winbind but not using nss_winbind. This is an old Samba/
unix domain that I'm integrating into an existing AD domain, so I have
all the user's posix information in ldap and have this in my smb.conf
idmap domains = ADS Domain
idmap config ADSROOT:backend = nss
idmap config ADSROOT:default = yes
Oh and to confuse the matter a bit more, the AD is setup to use pass
thru authentication to an external kerberos realm.
Thanks,
Derek
On Dec 1, 2008, at 12:11 PM, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Derek Harkness wrote:
>> I am attempting to set the SePrintOperatorPrivilege right on my
>> RHEL 5.2
>> samba server and need some guidance. The samba box is currently
>> joined
>> to an AD forest in which I have a delegated OU, I do not have a
>> Domain
>> Admin account. Samba seems to want/need an Admin account in order to
>> make changes to the server configuration such as rights.
>>
>> So the question is. Is there away to set a local administrator
>> account
>> or to map my AD account to a local administrator?
>
> if you are running Winbind, then add your account to
> the BUILTIN\Administrators group (net sam addmem Administrators <you>"
>
> Or you can temporarily enable a root in Samba's account db.
>
>
>
> cheers, jerry
> - --
> =====================================================================
> Samba ------- http://www.samba.org
> Likewise Software --------- http://www.likewisesoftware.com
> "What man is a man who does not make the world better?" --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFJNBqnIR7qMdg1EfYRAtQcAJwNjbWFB93Ulhqnv8LABdKfxkwQzgCfZVK7
> 8Umn5en2HjdmEO0DsO741so=
> =S6/3
> -----END PGP SIGNATURE-----
More information about the samba
mailing list