[Samba] Print Operator Rights in AD environment
dharknes at umd.umich.edu
Mon Dec 1 17:58:07 GMT 2008
net sam addmember gives me "Adding local group member failed with
I added root to my local smbpasswd file but if I attempt to use the
account I get NT_STATUS_LOGON_FAILURE.
More information might help. Or it might just confuse the situation.
I am running winbind but not using nss_winbind. This is an old Samba/
unix domain that I'm integrating into an existing AD domain, so I have
all the user's posix information in ldap and have this in my smb.conf
idmap domains = ADS Domain
idmap config ADSROOT:backend = nss
idmap config ADSROOT:default = yes
Oh and to confuse the matter a bit more, the AD is setup to use pass
thru authentication to an external kerberos realm.
On Dec 1, 2008, at 12:11 PM, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Derek Harkness wrote:
>> I am attempting to set the SePrintOperatorPrivilege right on my
>> RHEL 5.2
>> samba server and need some guidance. The samba box is currently
>> to an AD forest in which I have a delegated OU, I do not have a
>> Admin account. Samba seems to want/need an Admin account in order to
>> make changes to the server configuration such as rights.
>> So the question is. Is there away to set a local administrator
>> or to map my AD account to a local administrator?
> if you are running Winbind, then add your account to
> the BUILTIN\Administrators group (net sam addmem Administrators <you>"
> Or you can temporarily enable a root in Samba's account db.
> cheers, jerry
> - --
> Samba ------- http://www.samba.org
> Likewise Software --------- http://www.likewisesoftware.com
> "What man is a man who does not make the world better?" --Balian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
More information about the samba