[Samba] SeDiskOperatorPrivilege - NT_STATUS_NO_SUCH_PRIVILEGE

Steffen Weißgerber steffen at weiszgerber.de
Thu Oct 1 12:49:22 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am 28.09.2015 um 13:22 schrieb Rowland Penny:
> On 28/09/15 11:30, Steffen Weißgerber wrote:
> Hello,
> 
> after configuring kerberos and winbind for authentication against an A
D
> (Window 2008 R2) and succesful launching getent passwd I followed the
> instructions https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> for granting the SeDiskOperatorPrivilege.
> But I get a failure with a NT_STATUS_NO_SUCH_PRIVILEGE error.
> 
> net rpc rights list accounts -U'<Domain>\Administrator' -I<AD-host>
> does not list the SeDiskOperatorPrivilege.
> 
> Why this is missing?
> 
> Nevertheless creating directories and granting access to these to
> other AD accounts works well.
> 
> The global section of my smb.conf is as follows:
> 
> [global]
>     workgroup = DKDB
>     server string = Samba Test
>     security = ads
>     realm = DKDB.KN
>     winbind use default domain = yes
>     winbind refresh tickets = yes
>     max protocol = SMB2
>     hide unreadable = yes
>     idmap config * : backend = rid
>     idmap config * : range = 10000-20000
>     #syslog only = yes
>     disable netbios = yes
>     log file = /var/log/samba/log.%m
>     log level = 3
>     max log size = 50
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
> 
> Thanks
> 
> Steffen
>>
> 
> I don't know if this is your problem, but you seem to have incorrect
> 'idmap config' lines, I would expect to see something like this:
> 
> idmap config * : backend = tdb
> idmap config * : range = 2000-9999
> idmap config DKDB : backend = rid
> idmap config DKDB : range = 10000-20000
> 
> Rowland
> 
> 

Hi,

I changed the global section to

   idmap config * : backend = tdb
   idmap config * : range = 2000-9999
   idmap config DKDB : backend = rid
   idmap config DKDB : range = 10000-20000

and restartet samba (smbd, sinbind). But that did not change anything.
Is the samba version I use (3.6.25) relevant for this?

Regards

Steffen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYNK9IACgkQCrEAdFsLhMeJnwCg30N9EO3mQQWQ8OnELVxlljCR
epEAoOymVJzBBK/bnTHTDyCUccve53VW
=kcIg
-----END PGP SIGNATURE-----

More information about the samba mailing list