[Samba] net rpc rights grant: NT_STATUS_ACCESS_DENIED
Ryan Suarez
ryan.suarez at sheridanc.on.ca
Mon Sep 7 22:35:40 MDT 2009
Thanks for the response.
Gerald Carter wrote:
> Ryan,
>
>> hmm, the best option for me is to ask the AD administrator to grant the
>> samba SePrintOperatorPrivilege directly to the user object in Active
>> Directory. Where is this added in AD and what is this privilege called?
>>
>
> The user rights database is maintained in Samba's passdb. If
> you are getting ACCESS_DENIED from smbd when you run 'net rpc
> rights grant', it is because the account you are connecting as
> does not have admin privileges as the Samba box.
>
The samba host is a domain member server (security=ADS) with winbind for
user accounts. Where is this user rights database stored and what is
the tool to assign admin privileges?
# /usr/local/samba/bin/wbinfo -i testpc1
testpc1:*:10726:10005:testpc1 papercut
test:/home/REALM/testpc1:/usr/bin/tcsh
# groups testpc1
testpc1 : root
# /usr/local/samba/bin/net rpc rights grant testpc1
SePrintOperatorPrivilege -U testpc1
Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED)
smb.conf:
http://pastebin.ca/1554626
-Ryan
More information about the samba
mailing list