[Samba] Unable to set SeDiskOperatorPrivilege

[Henry McLaughlin]

On 15 January 2016 at 21:32, Rowland penny <rpenny at samba.org> wrote:

> On 15/01/16 09:07, Henry McLaughlin wrote:
>
>> root at aphrodite:/# net rpc rights list accounts -U'DOMAIN\administrator'
>> Enter DOMAIN\administrator's password:
>> BUILTIN\Print Operators
>> No privileges assigned
>>
>> BUILTIN\Account Operators
>> No privileges assigned
>>
>> BUILTIN\Backup Operators
>> No privileges assigned
>>
>> BUILTIN\Server Operators
>> No privileges assigned
>>
>> BUILTIN\Administrators
>> SeMachineAccountPrivilege
>> SeTakeOwnershipPrivilege
>> SeBackupPrivilege
>> SeRestorePrivilege
>> SeRemoteShutdownPrivilege
>> SePrintOperatorPrivilege
>> SeAddUsersPrivilege
>> SeDiskOperatorPrivilege
>> SeSecurityPrivilege
>> SeSystemtimePrivilege
>> SeShutdownPrivilege
>> SeDebugPrivilege
>> SeSystemEnvironmentPrivilege
>> SeSystemProfilePrivilege
>> SeProfileSingleProcessPrivilege
>> SeIncreaseBasePriorityPrivilege
>> SeLoadDriverPrivilege
>> SeCreatePagefilePrivilege
>> SeIncreaseQuotaPrivilege
>> SeChangeNotifyPrivilege
>> SeUndockPrivilege
>> SeManageVolumePrivilege
>> SeImpersonatePrivilege
>> SeCreateGlobalPrivilege
>> SeEnableDelegationPrivilege
>>
>> Everyone
>> No privileges assigned
>>
>> root at aphrodite:/# getent passwd administrator
>> administrator:*:1904600500:1904600513:Administrator:/home/
>> AD.DOMAIN.COM.AU/administrator:
>>
>> root at aphrodite:/# getent group "Domain Admins"
>> domain admins:*:1904600512:administrator
>>
>> root at aphrodite:/# net rpc rights grant 'DOMAIN\Domain Admins'
>> SeDiskOperatorPrivilege -U'DOMAIN\administrator'
>> Enter DOMAIN\administrator's password:
>> Failed to grant privileges for DOMAIN\Domain Admins
>> (NT_STATUS_ACCESS_DENIED)
>> root at aphrodite:/#
>>
>
> Have you by any chance given Administrator a uidNumber ?
>

Yes, 10000

Was that wrong?

>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>