[Samba] Administrative users on domain

Donny Brooks dbrooks at mdah.state.ms.us
Fri Jul 12 13:34:53 MDT 2013

Back in January we upgraded/moved our domain from an old install of samba and openldap to a newer version (samba 3.5.10 and openldap 2.4.23) while also moving our domain to a new name. On the old domain, which was setup before I got here, our IT section was in an ldap group that allowed us to join PC's to the domain and when the prompt came up in windows to install software we could log in as ourselves. However that is not the case on the new domain and I cannot figure out how to set that back up. I have looked at the docs on samba rights (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html) but it seems I am missing something since when I type:

net rpc rights grant 'MDAH\Domain Admins' SeMachineAccountPrivilege -S enterprise -U superusername

it returns:

Failed to grant privileges for MDAH\Domain Admins (NT_STATUS_NO_SUCH_USER)

superusername is our "superuser" account that we have to currently type in to join machines to join the domain. However when installing software we have to log in as local administrator or do a MACHINENAME\Administrator and it's password to install software. 

Any pointers?

Donny B.

More information about the samba mailing list