[Samba] SeDiskOperatorPrivilege - NT_STATUS_NO_SUCH_PRIVILEGE

Steffen WeiƟgerber steffen at weiszgerber.de
Mon Sep 28 10:30:50 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

after configuring kerberos and winbind for authentication against an AD
(Window 2008 R2) and succesful launching getent passwd I followed the
instructions https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
for granting the SeDiskOperatorPrivilege.
But I get a failure with a NT_STATUS_NO_SUCH_PRIVILEGE error.

net rpc rights list accounts -U'<Domain>\Administrator' -I<AD-host>
does not list the SeDiskOperatorPrivilege.

Why this is missing?

Nevertheless creating directories and granting access to these to
other AD accounts works well.

The global section of my smb.conf is as follows:

[global]
   workgroup = DKDB
   server string = Samba Test
   security = ads
   realm = DKDB.KN
   winbind use default domain = yes
   winbind refresh tickets = yes
   max protocol = SMB2
   hide unreadable = yes
   idmap config * : backend = rid
   idmap config * : range = 10000-20000
   #syslog only = yes
   disable netbios = yes
   log file = /var/log/samba/log.%m
   log level = 3
   max log size = 50
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes

Thanks

Steffen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlYJFtoACgkQCrEAdFsLhMcDpACfUwrOhTV16672SoPvHRhpCSAV
K0QAnjJSD0Oz8bSmvCtw7CReoXNWZOrK
=DhYx
-----END PGP SIGNATURE-----



More information about the samba mailing list