[Samba] RSAT Hang

Rowland Penny rpenny at samba.org
Tue May 22 09:48:12 UTC 2018

On Mon, 21 May 2018 17:15:21 -0700
Gregory Sloop via samba <samba at lists.samba.org> wrote:

> See Inline
> LPHvBvs> Hi Gregory, 
> LPHvBvs> On the questions.
> >> Is there a good reason to avoid Samba internal DNS?
> LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in
> LPHvBvs> my lan for other setups also.
> LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works
> LPHvBvs> fine. 
> LPHvBvs> I do have questions to get a better impression of the setup. 
> LPHvBvs> Whats the os your using with RSAT and did u use
> LPHvBvs> DOM\Administrator or an other account? 
> LPHvBvs> Check if Adminsitrator has id 0. (root)
> W7P, on a station not joined to the domain. But using this kind of
> launch. runas /netonly /user:someco-adc1\administrator
> "mmc /server=someco-adc1.ad.sncc.local." [The names are defined in
> the hosts file, on the W7 box.]
> LPHvBvs> Is there anything showing up in the windows event logs? 
> No.
> LPHvBvs> Are the SePrivileges checked if the needed groups/users

> [But mine don't appear to have "NTDOM\Domain Admins" - which seems
> odd.]
> SeRemoteShutdownPrivilege:
>   BUILTIN\Administrators
>   BUILTIN\Server Operators
> SePrintOperatorPrivilege:
> SeAddUsersPrivilege:
> SeDiskOperatorPrivilege:
> SeSecurityPrivilege:
>   BUILTIN\Administrators

The important one is 'SeDiskOperatorPrivilege' and, as you can see,
nothing has this privilege.

I would expect something like this:

  SAMDOM\Unix Admins

NOTE: I use the 'Unix Admins' group instead of 'Domain Admins', this
way I can give 'Unix Admins' a gidNumber and 'Domain Admins' can be
both a group and a user on a DC.


More information about the samba mailing list