[Samba] samba join failed: LDAP_INSUFFICIENT_ACCESS_RIGHTS -- SeEnableDelegationPrivilege
Sami Hulkko
sahulkko at gmail.com
Wed Apr 23 17:31:57 UTC 2025
Hi,
Naturally, what Rowland suggests is the right way. If nothing else
works, add the user to sudo and try.
SH
On 23/04/2025 13.09, Rowland Penny via samba wrote:
> On Wed, 23 Apr 2025 12:58:57 +0300
> Sami Hulkko via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> One can, in a Samba DC system, add Administrator to the sudo group if, as
>> Rowland Penny mentioned, it has the uid, gid, home folder and default
>> shell settings set and is therefore able to log in to the Samba system.
>> samba-tool, if I recollect right, can add these attributes to a user, and
>> with the Windows 11 RSAT tools in 'Active Directory Users and Computers'
>> one needs to enable 'Advanced Features' from the View menu to have access
>> to the 'Attribute Editor', where one can add them too. With sudo rights the
>> Administrator can run commands with ease and no folder rights
>> problems.
>>
> Yes, you could do that, but that will just get you Administrator running
> commands as root via sudo, so why bother? Every Samba AD DC maps
> Administrator to id '0' in idmap.ldb unless you give Administrator a
> uidNumber.
>
> In my opinion, you should only use Administrator on Windows and
> Samba-AD DCs when running samba-tool, but even then, it would be better
> to follow AD best practice and use a member of Domain Admins instead.
>
> Rowland
>
--
Sami Hulkko
+358 45 8569 319
sahulkko at gmail.com
sahulkko at icloud.com