[Samba] Member Server SeDiskOperatorPrivilege

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 9 07:21:32 MST 2015

On 09/01/15 13:47, Tim wrote:
> Hello all,
> I have a AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 and function level 2008_R2. This one works so far and I can manage the AD from a windows client.
> Now I setup a member server based on CentOS7 with sernet samba 4.1.14 just like the wiki advises with the same smb.conf (realm etc is configured to my needs. I joined the AD and configured nsswitch.
> wbinfo works so far but getent passwd or getent group doesn't list domain objects. getent group testgroup1 works, but getent passwd testuser1 does not.
> I created a share in smb.conf. Now I want to set the SeDiskOperatorPrivilege like the wiki advises.
> But it doesn't work. It says that it can't connect to server I tried it with
> net rpc rights grant 'DOM\Domain Admins' SeDiskOperatorPrivilege -U'DOM\administrator'
> Now I can not access the server from windows to set share permissions.
> What to do? The wiki told nothing about kerberos so I did not do anything to it.
> Thanks in advance

Hi, you appear to be the second person in two days having a similar, if 
not the same problem with the sernet packages. I don't think it is a 
kerberos problem, can you check if you have 'libnss_winbind.so.2' anywhere.


More information about the samba mailing list