[Samba] SeDiskOperatorPrivilege and 2012 R2 domain

Marc Muehlfeld mmuehlfeld at samba.org
Mon Mar 23 15:59:47 MDT 2015

Hello Tom,

Am 23.03.2015 um 21:31 schrieb Tom Söderlund:
> Giving a domain user group privilege SeDiskOperatorPrivilege fails with
> The domain is controlled by a MS 2012 R2 DC. Has this privilege been
> renamed or replaced with some other privilege? How to give the domain user
> group necessary rights for defining file share permission settings from MS
> environment?
> The RHEL 7 file server is running Samba 4.1.1-38 and the id management is
> done by SSSD 1.12.2.

The grant is done on the member server. So the privilege something on 
the member server and not on the DC.

Have you ensured, that "enable privleges" is not turned off somewhere in 
your smb.conf? If it's not there, then it's enabled - that's the default.

What is the output of
# net rpc rights list accounts -U'SAMDOM\administrator'

To grant the privilege to the Domain Admins group, for example, run:
# net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege 


More information about the samba mailing list