[Samba] net rpc rights list
Rowland penny
rpenny at samba.org
Tue Jan 19 19:43:10 UTC 2016
On 19/01/16 19:34, Henry McLaughlin wrote:
> I have sssd configured and working with my domain member server and I now
> wish to grant the SeDiskOperatorPrivilege to the "MYDOMAIN\Domain Admins"
> group. When I execute the command it appears to disregard the domain name
> and grant the privileges to the group "Unix Group\domain admins"
>
> net rpc rights list accounts -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
>
> ...
> Unix Group\domain admins
> No privileges assigned
>
> net rpc rights grant 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege
> -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
> Successfully granted rights.
>
> net rpc rights list accounts -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
>
> ...
> Unix Group\domain admins
> SeDiskOperatorPrivilege
>
> net rpc rights revoke 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege
> -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
> Successfully revoked rights.
>
> net rpc rights list accounts -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
>
> ...
> Unix Group\domain admins
> No privileges assigned
>
>
> Below I have completely removed the domain name from the command and still
> get the same outcome.
>
> net rpc rights grant 'Domain Admins' SeDiskOperatorPrivilege
> -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
> Successfully granted rights.
>
> net rpc rights list accounts -U'MYDOMAIN\administrator'
> Enter MYDOMAIN\administrator's password:
>
> ...
> Unix Group\domain admins
> SeDiskOperatorPrivilege
>
> Does this behaviour appear correct or am I missing something in my config
> that identifies the domain name?
I don't know, I cannot see your smb.conf from here.
Rowland
More information about the samba
mailing list