[Samba] RSAT Hang

Rowland Penny rpenny at samba.org
Tue May 22 09:48:12 UTC 2018


On Mon, 21 May 2018 17:15:21 -0700
Gregory Sloop via samba <samba at lists.samba.org> wrote:

> See Inline
> 
> LPHvBvs> Hi Gregory, 
> 
> LPHvBvs> On the questions.
> >> Is there a good reason to avoid Samba internal DNS?
> LPHvBvs> No, imo not, but I only use bind9_dlz because I need bind in
> LPHvBvs> my lan for other setups also.
> 
> LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works
> LPHvBvs> fine. 
> 
> LPHvBvs> I do have questions to get a better impression of the setup. 
> LPHvBvs> What's the OS you're using with RSAT and did you use
> LPHvBvs> DOM\Administrator or another account?
> LPHvBvs> Check if Administrator has id 0. (root)
> 
> W7P, on a station not joined to the domain. But using this kind of
> launch. runas /netonly /user:someco-adc1\administrator
> "mmc /server=someco-adc1.ad.sncc.local." [The names are defined in
> the hosts file, on the W7 box.]
> 
> LPHvBvs> Is there anything showing up in the windows event logs? 
> 
> No.
> 
> LPHvBvs> Are the SePrivileges checked if the needed groups/users

> [But mine don't appear to have "NTDOM\Domain Admins" - which seems
> odd.]
> 
> SeRemoteShutdownPrivilege:
>   BUILTIN\Administrators
>   BUILTIN\Server Operators
> SePrintOperatorPrivilege:
> SeAddUsersPrivilege:
> SeDiskOperatorPrivilege:
> SeSecurityPrivilege:
>   BUILTIN\Administrators

The important one is 'SeDiskOperatorPrivilege' and, as you can see,
nothing has this privilege.

I would expect something like this:

SeDiskOperatorPrivilege:
  SAMDOM\Administrator
  BUILTIN\Administrators
  SAMDOM\Unix Admins

NOTE: I use the 'Unix Admins' group instead of 'Domain Admins'; this
way I can give 'Unix Admins' a gidNumber and 'Domain Admins' can be
both a group and a user on a DC.

Rowland
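
Added example, not part of the original message and not Samba project code: a small Python parser for a privilege listing in the format quoted above (the format `net rpc rights list privileges` prints), reporting privileges with no holders and which expected holders a privilege lacks. The function names are hypothetical, the sample is the listing from the thread, and the required holders are taken from the expected listing in the reply, with SAMDOM as its example domain.

```python
import re

# Constructed sample: the listing quoted in the thread above.
QUOTED = r"""
SeRemoteShutdownPrivilege:
  BUILTIN\Administrators
  BUILTIN\Server Operators
SePrintOperatorPrivilege:
SeAddUsersPrivilege:
SeDiskOperatorPrivilege:
SeSecurityPrivilege:
  BUILTIN\Administrators
"""

# Holders from the reply's expected listing (SAMDOM is its example domain).
REQUIRED = [r"SAMDOM\Administrator", r"BUILTIN\Administrators",
            r"SAMDOM\Unix Admins"]
PRIV_LINE = re.compile(r"^(Se\w+Privilege):\s*$")

def parse_rights(text):
    """Return {privilege: [holders]}; an unindented 'SeXxxPrivilege:' line
    starts a section and the indented lines below it are its holders."""
    rights, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = PRIV_LINE.match(line)
        if m:
            current = m.group(1)
            rights.setdefault(current, [])
        elif line[0].isspace() and current is not None:
            rights[current].append(line.strip())
        else:
            current = None  # unrelated line, e.g. a password prompt
    return rights

def unassigned(rights):
    """Privileges that no account or group holds."""
    return [p for p, holders in rights.items() if not holders]

def missing_holders(rights, privilege, required):
    """Required holders absent from a privilege (names compared caselessly)."""
    held = {h.casefold() for h in rights.get(privilege, [])}
    return [r for r in required if r.casefold() not in held]

if __name__ == "__main__":
    r = parse_rights(QUOTED)
    print(unassigned(r), missing_holders(r, "SeDiskOperatorPrivilege", REQUIRED))
```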



