[Samba] SePrintOperatorPrivilege NT_STATUS_LOGON_FAILURE
calm.job89448 at fastmail.com
calm.job89448 at fastmail.com
Wed Jun 5 15:25:52 UTC 2024
Hi Rowland,
thanks again.
On Wed, Jun 5, 2024, at 17:10, Rowland Penny via samba wrote:
>> I tried both. First sudo, as I setup everything with sudo and out of
>> curiosity with root. No luck.
>> Was it wrong to setup as user with sudo privileges?
>
> No, it should work, perhaps you have a dns problem. Can you please post
> the contents of:
> /etc/resolv.conf
domain mydomain.work
search mydomain.work
nameserver 10.1.1.1
nameserver 10.1.1.3
> /etc/hostname
prnt01
> /etc/hosts
127.0.0.1 localhost
10.1.1.33 prnt01.mydomain.work prnt01
> Can you also explain why there doesn't appear to be any 'idmap config'
> lines in your smb.conf ?
Sorry, thought I'd only post what I thought is relevant.
Here's the complete smb.conf
# Global parameters
[global]
security = ADS
workgroup = MYDOMAIN
realm = MYDOMAIN.WORK
server role = member server
log file = /var/log/samba/%m.log
bind interfaces only = yes
# Please substitute your own physical cards here:
interfaces = lo ens18
# Enable Group Policy application in winbind,
apply group policies = yes
# winbind config:
winbind use default domain = yes
# The following options are only useful for testing. Comment out in production.
# winbind enum users = yes
# winbind enum groups = yes
# Map Administrator to root
username map = /etc/samba/user.map
min domain uid = 0
# Kerberos
winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
# Configure shares using extended access control lists (ACL)
# Needed for Linux, as it does not support NFS4 ACLs
vfs objects = acl_xattr
map acl inherit = yes
acl_xattr:ignore system acls = yes
# Veto Files (do not allow these files in the server)
veto files = /Thumbs.db/.DS_Store/._.DS_Store/.com.apple*/.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/. at __thumb/. at __desc>
delete veto files = yes
# Default ID mapping configuration for local BUILTIN accounts
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# idmap config for the MYDOMAIN domain using the rid backend
idmap config MYDOMAIN : backend = rid
idmap config MYDOMAIN : range = 10000-999999
# Printing options in [global] section of smb.conf
printing = CUPS
spoolss: architecture = Windows x64
load printers = yes
[printers]
path = /var/tmp/
printable = yes
[print$]
path = /var/lib/samba/printer_drivers/
read only = no
Thanks!
More information about the samba
mailing list