[Samba] Why would "net rpc rights grant" fail ?

Koenraad Lelong samba.k.lelong at ace-electronics.be
Mon Apr 14 02:58:41 MDT 2014


On 11-04-14 15:29, L.P.H. van Belle wrote:
> Hai,
>
>
> The base is always Administrator, this is because of the user mapping root = ... see below..
> I'll go modify the script for that. Can you tell which server/script this is?
>
> Can you try to run it like this.
>
> net rpc rights grant YOURDOMAIN\\AdminKoen SeDiskOperatorPrivilege -UAdministrator
> ( -U administrator is needed to make it work; it's used to authenticate so you can set the privileges. )
>
> And for full admin rights, add all the SEPrivileges to AdminKoen.
> When you run it outside the script you can also kinit Administrator first.
>
> Also check if the file in /etc/samba/samba_usermapping exists.
> !root = YOURDOMAIN\Administrator YOURDOMAIN\administrator
>
> If you want to have AdminKoen run as "root", well, there is only 1 root (Administrator),
> then you can change it in the samba_usermapping file.
>
> I'm guessing you have this problem on the member server? That was also the hard one to get working.
>
> Adding a Windows 7 PC (Dutch) should not be any problem; I joined 32bit and 64bit.
> But I did use the user DOMAIN\Administrator for the join.
> Administrator on the PC is disabled.
>
> So if I look at your problem:
> Are you trying to get AdminKoen to be "root" or just an extra domain admin?
> If only as an extra domain admin, then adding him to "domain admin" should be sufficient.
> And do not disable Administrator; Samba uses it also in the background,
> see the /var/lib/samba/private/named.conf.update
>
> Can you try again and report back?
>
>
> Best regards,
>
> Louis

Hi,

To clarify: I used Admikoen because Administrator could do nothing when 
used with the script. I used what I thought was the password for 
Administrator. I even set it again (using Admikoen as Domain Admin) and 
then copied the new tdb-files over to the new server. Using that 
password, all tests failed.
Now I just found out that when I use the root-password (linux-root from 
the samba3 PDC) for the Administrator in the script, I only have the 
"net rpc rights grant ..." error.

I then added a usermapping but the error is still there:
==========SE Privileges ===============================
Giving group Domain Admins the SeDiskOperatorPrivilege rights.
Enter Administrator's password:
Could not connect to server 127.0.0.1
Connection failed: NT_STATUS_INVALID_NETWORK_RESPONSE

Maybe related: in my samba3-domain, Administrator can't log in although 
there is a usermapping: root = administrator. I don't remember doing 
anything to disable Administrator on samba3, but it's more than 5 years 
ago. On the samba3 domain, I can login as root though.

I'm using 1-setup-sernet-samba4-ADDC-wheezy.sh, although I don't know if 
it's the latest version. I downloaded it last Monday.
I modified it to do a classicupgrade and to use the ubuntu sernet-packages.
All this is on a test-server that will become the prime AD-DC, not a 
member server.

Anyway,

Many thanks for the help.

Koenraad.
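
Added example, not part of the original thread and not Samba project code: a small shell function that lists which client names a username map file (such as the /etc/samba/samba_usermapping mentioned above) maps to root, so you can confirm that only the intended accounts end up as root. The sample file contents and the names sample_map and mapped_names are constructed for illustration; the parsing follows the username map format documented in smb.conf(5).

```shell
#!/bin/sh
# Added example: audit a Samba "username map" file.
# Format (smb.conf(5)): "unixname = client names...", lines starting with
# "#" or ";" are comments, a leading "!" stops processing after a match,
# and double quotes allow client names that contain spaces.

# Constructed sample input. The first mapping line is the one quoted in the
# thread; the other two are made up to exercise quoting and a second root line.
sample_map() {
    cat <<'EOF'
# constructed sample username map
; another comment style
!root = YOURDOMAIN\Administrator YOURDOMAIN\administrator
nobody = "YOURDOMAIN\Guest User"
root = "YOURDOMAIN\Admin Koen"
EOF
}

# mapped_names FILE [UNIXUSER]
# Prints, one per line, every client name mapped to UNIXUSER (default: root).
# FILE may be "-" to read standard input. Entries such as "*" or "@group"
# are printed unchanged so they stand out in the audit.
mapped_names() {
    awk -v want="${2:-root}" '
    /^[ \t]*[#;]/ { next }                  # skip comment lines
    {
        line = $0
        sub(/^[ \t]*!?[ \t]*/, "", line)    # "!" changes matching order, not the mapping
        eq = index(line, "=")
        if (eq == 0) next                   # not a mapping line
        unix = substr(line, 1, eq - 1)
        gsub(/^[ \t]+|[ \t]+$/, "", unix)
        if (unix != want) next
        rest = substr(line, eq + 1)
        # Walk the right-hand side, keeping "quoted names" in one piece.
        while (match(rest, /"[^"]*"|[^ \t"]+/)) {
            name = substr(rest, RSTART, RLENGTH)
            gsub(/"/, "", name)
            print name
            rest = substr(rest, RSTART + RLENGTH)
        }
    }' "$1"
}

# Stand-alone demo on the constructed sample.
sample_map | mapped_names - root
```

On a real server, run it as mapped_names /etc/samba/samba_usermapping and compare the output with the accounts you expect to act as root.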

