[Samba] net rpc SeDiskOperatorPrivilege failing for domain user

Andrew Bartlett abartlet at samba.org
Thu Sep 23 23:05:53 MDT 2010


On Thu, 2010-09-23 at 09:26 -0400, suresh.kandukuru at emc.com wrote:
> Dear experts,
>   I am having following problem on samba server side . please help me .
> 
> 1) our device is running with samba server , in order to  allow Microsoft windows mmc  to change samba share permissions I am giving  SeDiskOperatorPrivilege  ( net rpc  rights  grant  admin SeDiskOperatorPrivilege) privilege to samba users.
> This is working fine as  long as our device is in standalone work group mode.

> -------
> The problem is my device does not know the domain users passwords. how to handle this situation?. How to give SeDiskOperatorPrivilege  priviliege for the domain users  from the device with domain administrator account.

You need to grant the rights to the builtin administrators group.  If
everything is set up properly (and this may depend a little on what
version you Samba you are running, and if you use winbind etc), when the
domain admins log in to Samba, it will see that they are in the domain
administrators group and add it to the builtin administrators group. 

You don't need to do this with 'net rpc' if you have access to the local
box - just use 'net sam rights'. 

I hope this helps, 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba/attachments/20100924/57983fde/attachment.pgp>


More information about the samba mailing list