suresh.kandukuru at emc.com
2010-Sep-23 13:26 UTC
[Samba] net rpc SeDiskOperatorPrivilege failing for domain user
Dear experts, I am having following problem on samba server side . please help me . 1) our device is running with samba server , in order to allow Microsoft windows mmc to change samba share permissions I am giving SeDiskOperatorPrivilege ( net rpc rights grant admin SeDiskOperatorPrivilege) privilege to samba users. This is working fine as long as our device is in standalone work group mode. 2) it is giving the below problem when we move the device to some domain. I am logging into device with domain administrator account I know its password. ---------------- root at storage-2:/usr/local/samba/bin# ./net -U administrator -W emcsoho.local rpc rights grant administrator SeDiskOperatorPrivilege Enter administrator's password: Successfully granted rights. ------------ for another domain user "users1" it is failing with error NT_STATUS_ACCESS_DENIED. -------- root at storage-2:/usr/local/samba/bin# ./net -U administrator -W emcsoho.local rpc rights grant users1 SeDiskOperatorPrivilege Enter administrator's password: \Failed to grant privileges for users1 (NT_STATUS_ACCESS_DENIED) ----------- The above command Is working fine when I use the net command with "users1" account --------- root at storage-2:/usr/local/samba/bin# ./net -U users1 -W emcsoho.local rpc rights grant users1 SeDiskOperatorPrivilege Enter users1's password: Successfully granted rights. ------- The problem is my device does not know the domain users passwords. how to handle this situation?. How to give SeDiskOperatorPrivilege priviliege for the domain users from the device with domain administrator account. Thanks Suresh
Andrew Bartlett
2010-Sep-24 05:05 UTC
[Samba] net rpc SeDiskOperatorPrivilege failing for domain user
On Thu, 2010-09-23 at 09:26 -0400, suresh.kandukuru at emc.com wrote:> Dear experts, > I am having following problem on samba server side . please help me . > > 1) our device is running with samba server , in order to allow Microsoft windows mmc to change samba share permissions I am giving SeDiskOperatorPrivilege ( net rpc rights grant admin SeDiskOperatorPrivilege) privilege to samba users. > This is working fine as long as our device is in standalone work group mode.> ------- > The problem is my device does not know the domain users passwords. how to handle this situation?. How to give SeDiskOperatorPrivilege priviliege for the domain users from the device with domain administrator account.You need to grant the rights to the builtin administrators group. If everything is set up properly (and this may depend a little on what version you Samba you are running, and if you use winbind etc), when the domain admins log in to Samba, it will see that they are in the domain administrators group and add it to the builtin administrators group. You don't need to do this with 'net rpc' if you have access to the local box - just use 'net sam rights'. I hope this helps, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 190 bytes Desc: This is a digitally signed message part URL: <http://lists.samba.org/pipermail/samba/attachments/20100924/57983fde/attachment.pgp>
Reasonably Related Threads
- net rpc rights grant root SeDiskOperatorPrivilege failed with "Failed to grant privileges for root (NT_STATUS_ACCESS_DENIED)"
- SeDiskOperatorPrivilege and 2012 R2 domain
- Domain Admins and SeDiskOperatorPrivilege
- Can't set SeDiskOperatorPrivilege to Domain Admins. (NT_STATUS_NO_SUCH_USER) Error.
- SeDiskOperatorPrivilege and 2012 R2 domain