[Samba] net rpc rights grant: NT_STATUS_ACCESS_DENIED

Ryan Suarez ryan.suarez at sheridanc.on.ca
Mon Sep 7 22:35:40 MDT 2009

Thanks for the response.

Gerald Carter wrote:
> Ryan,
>> hmm, the best option for me is to ask the AD administrator to grant the
>> samba SePrintOperatorPrivilege directly to the user object in Active
>> Directory.  Where is this added in AD and what is this privilege called?
> The user rights database is maintained in Samba's passdb.  If
> you are getting ACCESS_DENIED from smbd when you run 'net rpc
> rights grant', it is because the account you are connecting as
> does not have admin privileges as the Samba box.

The samba host is a domain member server (security=ADS) with winbind for 
user accounts.   Where is this user rights database stored and what is 
the tool to assign admin privileges?

# /usr/local/samba/bin/wbinfo -i testpc1
testpc1:*:10726:10005:testpc1 papercut 

# groups testpc1
testpc1 : root

# /usr/local/samba/bin/net rpc rights grant testpc1 
SePrintOperatorPrivilege -U testpc1
Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED)



More information about the samba mailing list