[Samba] net rpc rights grant fail to connect 127.0.0.1
Andrew Walker
walker.aj325 at gmail.com
Mon Jul 13 17:50:02 UTC 2020
On Mon, Jul 13, 2020 at 1:26 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 13/07/2020 18:18, Douglas G. Oechsler wrote:
> >
> > Hello!
> >
> > Ok! I switch the IP inside Member AD
> > > 127.0.0.1 localhost
> > *> 10.1.1.16 * E-PLANO.ad.mydomain.br <http://E-PLANO.ad.mydomain.br>
> > e-plano
> >
> > Only to clarify
> > 10.1.1.16 - AD Member - File server
> > 10.1.1.21 - Only AD-DC
> >
> > But, sorry!
> > Follow the wiki
> > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> >
> > The command:
> > # net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U
> "SAMDOM\administrator"
> > Enter SAMDOM\administrator's password:
> >
> > To grant rights, need to do it on the ad-dc side directly?
> >
> Did you miss the orange box containing:
>
> You need to grant the |SeDiskOperatorPrivilege| privilege on the Samba
> server that holds the share.
>
> Rowland
>
For cases where I want to allow an AD group other than Domain Admins to do
this stuff (and not bother with "net rpc" commands), I find it somewhat
easier to find the SID of the group and then add it as a foreign group of
BUILTIN\Administrators on the samba server with the shares a-la "net
groupmap addmem S-1-5-32-544 <sid of group>". This will make members of the
group local admins with all the benefits and dangers associated with it.
More information about the samba
mailing list