[Samba] RSAT Hang

Gregory Sloop gregs at sloop.net
Tue May 22 16:08:31 UTC 2018

RPvs> On Mon, 21 May 2018 17:15:21 -0700
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:

>> See Inline

>> LPHvBvs> Hi Gregory, 

>> LPHvBvs> On the questions.
>> >> Is there a good reason to avoid Samba internal DNS?
>> LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in
>> LPHvBvs> my lan for other setups also.

>> LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works
>> LPHvBvs> fine. 

>> LPHvBvs> I do have questions to get a better impression of the setup. 
>> LPHvBvs> Whats the os your using with RSAT and did u use
>> LPHvBvs> DOM\Administrator or an other account? 
>> LPHvBvs> Check if Adminsitrator has id 0. (root)

>> W7P, on a station not joined to the domain. But using this kind of
>> launch. runas /netonly /user:someco-adc1\administrator
>> "mmc /server=someco-adc1.ad.sncc.local." [The names are defined in
>> the hosts file, on the W7 box.]

>> LPHvBvs> Is there anything showing up in the windows event logs? 

>> No.

>> LPHvBvs> Are the SePrivileges checked if the needed groups/users

>> [But mine don't appear to have "NTDOM\Domain Admins" - which seems
>> odd.]

>> SeRemoteShutdownPrivilege:
>>   BUILTIN\Administrators
>>   BUILTIN\Server Operators
>> SePrintOperatorPrivilege:
>> SeAddUsersPrivilege:
>> SeDiskOperatorPrivilege:
>> SeSecurityPrivilege:
>>   BUILTIN\Administrators

RPvs> The important one is 'SeDiskOperatorPrivilege' and, as you can see,
RPvs> nothing has this privilege.

RPvs> I would expect something like this:

RPvs> SeDiskOperatorPrivilege:
RPvs>   SAMDOM\Administrator
RPvs>   BUILTIN\Administrators
RPvs>   SAMDOM\Unix Admins

RPvs> NOTE: I use the 'Unix Admins' group instead of 'Domain Admins', this
RPvs> way I can give 'Unix Admins' a gidNumber and 'Domain Admins' can be
RPvs> both a group and a user on a DC.

I was under the impression that during provision that the Administrator account got all the domain [and other] "root" privs by default. If that's the case, why doesn't Administrator have the privs we'd expect? [Perhaps I misunderstand what Administrator starts with after an initial provision.]

As to your prior message - the FreeNAS box isn't part of the setup yet. I'm just trying to get the user and computer accounts I'll need to join the NAS to AD ready. 


More information about the samba mailing list