[Samba] net rpc rights list
Henry McLaughlin
henry at incred.com.au
Tue Jan 19 19:34:59 UTC 2016
I have sssd configured and working with my domain member server and I now
wish to grant the SeDiskOperatorPrivilege to the "MYDOMAIN\Domain Admins"
group. When I execute the command it appears to disregard the domain name
and grant the privileges to the group "Unix Group\domain admins"
net rpc rights list accounts -U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
...
Unix Group\domain admins
No privileges assigned
net rpc rights grant 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege
-U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
Successfully granted rights.
net rpc rights list accounts -U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
...
Unix Group\domain admins
SeDiskOperatorPrivilege
net rpc rights revoke 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege
-U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
Successfully revoked rights.
net rpc rights list accounts -U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
...
Unix Group\domain admins
No privileges assigned
Below I have completely removed the domain name from the command and still
get the same outcome.
net rpc rights grant 'Domain Admins' SeDiskOperatorPrivilege
-U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
Successfully granted rights.
net rpc rights list accounts -U'MYDOMAIN\administrator'
Enter MYDOMAIN\administrator's password:
...
Unix Group\domain admins
SeDiskOperatorPrivilege
Does this behaviour appear correct or am I missing something in my config
that identifies the domain name?
More information about the samba
mailing list