[Samba] net rpc rights grant: NT_STATUS_ACCESS_DENIED

Adam Nielsen adam.nielsen at uq.edu.au
Sun Sep 6 21:30:43 MDT 2009

>>> RE: "net rpc rights grant testpc1 SePrintOperatorPrivilege -U testpc1"
>>> Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED)
>>> samba_source_3.3.7 on redhat 5 64bit.  I have root on the samba
>>> server but I don't have admin access to active directory (hence the
>>> auth using testpc1).

So you have full access to Samba, but - I'm guessing - read only access
to AD?

>>> Does the user granting access need some sort of admin privilege in
>>> Active Directory? How do I grant this privilege on this samba host
>>> (for which I have root) since I don't have admin access in Active
>>> Directory?

Yes, if you want to change an object in Active Directory you will need
access to do so.  Unless your Samba host *is* the AD server, nothing
gets granted on the PC itself, all the permissions are maintained within AD.

You could either get the testpc1 account more access, or ask whoever
maintains your AD installation for delegated access so you can grant and
revoke permissions from objects you maintain (using -U your_username


More information about the samba mailing list