[Samba] Samba4 as AD member & local rights problem...
Thomas Besser
thomas.besser at kit.edu
Fri Sep 20 01:11:15 MDT 2013
Hi Marc,
Am 19.09.2013 21:07, schrieb Marc Muehlfeld:
> Am 19.09.2013 16:27, schrieb Thomas Besser:
>> have a samba4 server as AD member (security =ADS). I have no account
>> with "Domain Admin" rights, only a normal account with delegated
>> privilege to managing GPO and for domain join.
>>
>> I can not manage the printserver resp. upload the win drivers. The
>> smb.conf option 'printer admin' is gone with v4.
>
> Have a look at the print server HowTo, I wrote:
> http://wiki.samba.org/index.php/Samba_as_a_print_server
I know that.
But "net rpc rights list accounts -Uadministrator" let me estimate, that
there samba4 is running as AD PDC!?
So in my environment samba4 is running as "AD member", a so called user
'Administrator' is not there.
I have a 'root' accont on linux, but this user is not known in AD
(Windows 2008 R2).
>> Also I tried to grant the SePrintOperatorPrivilege to a normal domain
>> user. Got also stuck.
>
> What went wrong?
>
> http://wiki.samba.org/index.php/Samba_as_a_print_server#Granting_print_operator_privileges
net rpc rights grant "DOM\admin" SePrintOperatorPrivilege -U myaccount
Enter myaccount's password:
Failed to grant privileges for DOM\admin (NT_STATUS_ACCESS_DENIED)
'myaccount' has no "Domain Admin" privileges, so the error is logically.
I also tried that command with the help of a "Domain Admin", but same
error message.
>> Every time the net command wants the 'root' password, but root is
>> unknown in the AD environment:
>>
>> net rpc group addmem "SAMBASERVER\Administrators"
>> Enter root's password:
>> Could not connect to server 127.0.0.1
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>
> .... -Uadministrator ?
That account does IMO not exist, because of AD member! The same with 'root'.
Regards
Thomas
More information about the samba
mailing list