[Samba] Member Server SeDiskOperatorPrivilege

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 9 08:29:39 MST 2015

On 09/01/15 15:19, Tim wrote:
> I switched to rid module of idmapping and now winbind offers all 
> groups and I can set SeDiskOperatorPrivilege.
> getent group and getent passwd are now working!
> Am 9. Januar 2015 15:21:32 MEZ, schrieb Rowland Penny 
> <rowlandpenny at googlemail.com>:
>     On 09/01/15 13:47, Tim wrote:
>         Hello all, I have a AD DC based on CentOS7 with sernet samba
>         4.1.14 with rfc2307 and function level 2008_R2. This one works
>         so far and I can manage the AD from a windows client. Now I
>         setup a member server based on CentOS7 with sernet samba
>         4.1.14 just like the wiki advises with the same smb.conf
>         (realm etc is configured to my needs. I joined the AD and
>         configured nsswitch. wbinfo works so far but getent passwd or
>         getent group doesn't list domain objects. getent group
>         testgroup1 works, but getent passwd testuser1 does not. I
>         created a share in smb.conf. Now I want to set the
>         SeDiskOperatorPrivilege like the wiki advises. But it doesn't
>         work. It says that it can't connect to server
>         <>. I tried it with net rpc rights grant
>         'DOM\Domain Admins' SeDiskOperatorPrivilege
>         -U'DOM\administrator' Now I can not access the server from
>         windows to set share permissions. What to do? The wiki told
>         nothing about kerberos so I did not do anything to it. Thanks
>         in advance 
>     Hi, you appear to be the second person in two days having a similar, if
>     not the same problem with the sernet packages. I don't think it is a
>     kerberos problem, can you check if you have 'libnss_winbind.so  <http://winbind.so>.2' anywhere.
>     Rowland

I take it from this, that you do not have any uidNumber or gidNumber 
attributes in AD.


More information about the samba mailing list