[Samba] user to read replication status
Rowland penny
rpenny at samba.org
Thu May 6 19:19:13 UTC 2021
On 06/05/2021 19:28, Marcos Ariel Negrini via samba wrote:
> Hello:
> we are wanting to generate a user that has privileges to be able to
> perform the following operation:
> samba-tool drs showrepl -UUser
> We have been trying different privileges, from full tree reading, to
> schema administration, but we always get the following error:
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (8453,
> 'WERR_DS_DRA_ACCESS_DENIED')
> the only permission that obviously works is with domain administrator...
> Can you think of any particular permission we should give it? I did
> not find any info on this.
> Regards
>
>
Use sudo. Add the user as a sudo user and then run the command with the
machine key e..g. sudo samba-tool drs showrepl -P
Rowland
More information about the samba
mailing list