[Samba] RSAT Hang

Gregory Sloop gregs at sloop.net
Tue May 22 16:08:31 UTC 2018



RPvs> On Mon, 21 May 2018 17:15:21 -0700
RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote:

>> See Inline

>> LPHvBvs> Hi Gregory, 

>> LPHvBvs> On the questions.
>> >> Is there a good reason to avoid Samba internal DNS?
>> LPHvBvs> No, IMO not, but I only use bind9_dlz because I need bind in
>> LPHvBvs> my LAN for other setups also.

>> LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works
>> LPHvBvs> fine. 

>> LPHvBvs> I do have questions to get a better impression of the setup. 
>> LPHvBvs> What's the OS you're using with RSAT and did you use
>> LPHvBvs> DOM\Administrator or another account? 
>> LPHvBvs> Check if Administrator has id 0. (root)

>> W7P, on a station not joined to the domain. But using this kind of
>> launch. runas /netonly /user:someco-adc1\administrator
>> "mmc /server=someco-adc1.ad.sncc.local." [The names are defined in
>> the hosts file, on the W7 box.]

>> LPHvBvs> Is there anything showing up in the windows event logs? 

>> No.

>> LPHvBvs> Are the SePrivileges checked if the needed groups/users

>> [But mine don't appear to have "NTDOM\Domain Admins" - which seems
>> odd.]

>> SeRemoteShutdownPrivilege:
>>   BUILTIN\Administrators
>>   BUILTIN\Server Operators
>> SePrintOperatorPrivilege:
>> SeAddUsersPrivilege:
>> SeDiskOperatorPrivilege:
>> SeSecurityPrivilege:
>>   BUILTIN\Administrators

RPvs> The important one is 'SeDiskOperatorPrivilege' and, as you can see,
RPvs> nothing has this privilege.

RPvs> I would expect something like this:

RPvs> SeDiskOperatorPrivilege:
RPvs>   SAMDOM\Administrator
RPvs>   BUILTIN\Administrators
RPvs>   SAMDOM\Unix Admins

RPvs> NOTE: I use the 'Unix Admins' group instead of 'Domain Admins', this
RPvs> way I can give 'Unix Admins' a gidNumber and 'Domain Admins' can be
RPvs> both a group and a user on a DC.

I was under the impression that during provision the Administrator account got all the domain [and other] "root" privs by default. If that's the case, why doesn't Administrator have the privs we'd expect? [Perhaps I misunderstand what Administrator starts with after an initial provision.]

As to your prior message - the FreeNAS box isn't part of the setup yet. I'm just trying to get the user and computer accounts I'll need to join the NAS to AD ready. 

TIA
-Greg
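
The check discussed in this thread (a privilege such as SeDiskOperatorPrivilege listed with no holders) can be automated. The following is an added example, not part of the original message or of Samba: it parses a privilege listing in the format quoted above and reports empty or incomplete privileges. The function names and the `SAMPLE` text are constructed for illustration.

```python
# Added example: parse a privilege listing and report privileges with no holders.
# SAMPLE is constructed, following the format of the listing quoted in the thread.
SAMPLE = """\
SeRemoteShutdownPrivilege:
  BUILTIN\\Administrators
  BUILTIN\\Server Operators
SePrintOperatorPrivilege:
SeAddUsersPrivilege:
SeDiskOperatorPrivilege:
SeSecurityPrivilege:
  BUILTIN\\Administrators
"""

def parse_privileges(text):
    """Return {privilege: [holders]}; headers are unindented lines ending in ':'."""
    privs, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace() and raw.rstrip().endswith(":"):
            current = raw.rstrip()[:-1]
            privs[current] = []
        elif current is not None:
            privs[current].append(raw.strip())  # indented line: an account name
    return privs

def empty_privileges(privs):
    """Names of privileges that nobody holds, in listing order."""
    return [name for name, holders in privs.items() if not holders]

def audit(privs, required):
    """required maps privilege -> set of expected holders (case-insensitive)."""
    findings = []
    for name, expected in required.items():
        if name not in privs:
            findings.append(f"{name}: not in listing")
        elif not privs[name]:
            findings.append(f"{name}: no holders")
        else:
            have = {h.lower() for h in privs[name]}
            missing = sorted(e for e in expected if e.lower() not in have)
            if missing:
                findings.append(f"{name}: missing {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    privs = parse_privileges(SAMPLE)
    print("empty:", empty_privileges(privs))
    for line in audit(privs, {"SeDiskOperatorPrivilege": {"BUILTIN\\Administrators"}}):
        print("FINDING", line)
```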

