[Samba] SeDiskOperatorPrivilege - NT_STATUS_NO_SUCH_PRIVILEGE
Steffen Weißgerber
steffen at weiszgerber.de
Thu Oct 1 12:49:22 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 28.09.2015 um 13:22 schrieb Rowland Penny:
> On 28/09/15 11:30, Steffen Weißgerber wrote:
> Hello,
>
> after configuring kerberos and winbind for authentication against an A
D
> (Window 2008 R2) and succesful launching getent passwd I followed the
> instructions https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> for granting the SeDiskOperatorPrivilege.
> But I get a failure with a NT_STATUS_NO_SUCH_PRIVILEGE error.
>
> net rpc rights list accounts -U'<Domain>\Administrator' -I<AD-host>
> does not list the SeDiskOperatorPrivilege.
>
> Why this is missing?
>
> Nevertheless creating directories and granting access to these to
> other AD accounts works well.
>
> The global section of my smb.conf is as follows:
>
> [global]
> workgroup = DKDB
> server string = Samba Test
> security = ads
> realm = DKDB.KN
> winbind use default domain = yes
> winbind refresh tickets = yes
> max protocol = SMB2
> hide unreadable = yes
> idmap config * : backend = rid
> idmap config * : range = 10000-20000
> #syslog only = yes
> disable netbios = yes
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 50
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> Thanks
>
> Steffen
>>
>
> I don't know if this is your problem, but you seem to have incorrect
> 'idmap config' lines, I would expect to see something like this:
>
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config DKDB : backend = rid
> idmap config DKDB : range = 10000-20000
>
> Rowland
>
>
Hi,
I changed the global section to
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config DKDB : backend = rid
idmap config DKDB : range = 10000-20000
and restartet samba (smbd, sinbind). But that did not change anything.
Is the samba version I use (3.6.25) relevant for this?
Regards
Steffen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlYNK9IACgkQCrEAdFsLhMeJnwCg30N9EO3mQQWQ8OnELVxlljCR
epEAoOymVJzBBK/bnTHTDyCUccve53VW
=kcIg
-----END PGP SIGNATURE-----
More information about the samba
mailing list