Hello, i updated my samba to version 3.0.20 on a suse 9.2 system. I thought, some new net rpc commands need samba 3.0.13. But I get faults with the command: amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege [2005/08/25 02:45:35, 0] param/loadparm.c:map_parameter(2536) Unknown parameter encountered: "enables privileges" [2005/08/25 02:45:35, 0] param/loadparm.c:lp_do_parameter(3277) Ignoring unknown parameter "enables privileges" Password: Could not connect to server 127.0.0.1 The username or password was not correct. amd:~ # testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: "enables privileges" Ignoring unknown parameter "enables privileges" I thought "enables privileges = Yes" is the rigth entry in smb.conf? Am I right? Best regards and many thanks in advance Andreas
Andreas Bauer wrote:> amd:~ # testparm > Load smb config files from /etc/samba/smb.conf > Unknown parameter encountered: "enables privileges" > Ignoring unknown parameter "enables privileges"Try... enable privileges = true ;-) -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ Remove the upper case letters NOSPAM to contact me directly.
Le Thu, Aug 25, 2005 at 02:58:30AM +0200, Andreas Bauer a ecrit:> I thought "enables privileges = Yes" is the rigth entry in smb.conf?try "enable" instead of "enables". -- Jerome
Jerome Tournier a ecrit:> try "enable" instead of "enables".Hello, thanks a lot, now testparm is running without a fault. But there is following error running the net rpc command: amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege Password: Could not connect to server 127.0.0.1 The username or password was not correct. But I can logon in my Domain with testuser10 with a XP CLient and I can join Windows Workstation to the Domain with the password of Administrator, who is a member of the Domain Admin Group and be requested at net rpc rights.........? The testuser10 is existing and a member of the Domain users group. Perhaps a problem with ACL rights? Many thanks in advance and best regards Andreas
Andreas Bauer wrote:> Hello, > thanks a lot, now testparm is running without a fault. > But there is following error running the net rpc command: > amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege > Password: > Could not connect to server 127.0.0.1 > The username or password was not correct.I am going to assume your security model is messed up at some level. Take a look at my presentation on setting up a Samba 3 PDC for Win2K clients and see if it helps you work through the permissions issue. ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf Note that the line: admin users = @domadmin is now deprecated since there are these "rights grant" options. So back that out of my sample config. Oh, and the correct syntax for granting permissions is as follows: net rpc rights grant mydomain\\theaccount SeMachineAccountPrivilege And you must be logged in to Linux with an account which is a member of the domain administrator group, thus you set up the accounts, groups, samba group mappings all before you can run this command as this command will utilize that security model. -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ Remove the upper case letters NOSPAM to contact me directly.
Thanks a lot Michael, I will study your script. There are many interesting themes inside. Thanks for your help. I have also integrated an openldap server with samba. There will be some more difficults with ACL rigths using net rpc. Andreas
Quoting Andreas Bauer <andreas_bauer@arcor.de>: I had this same problem two days ago. The problem was I had "invalid users = root" in my smb.conf (this comes by default in Debian). I just commmented that line and the problem disappeared.> Jerome Tournier a ecrit: >> try "enable" instead of "enables". > Hello, > thanks a lot, now testparm is running without a fault. > But there is following error running the net rpc command: > amd:~ # net rpc rights grant testuser10 SeMachineAccountPrivilege > Password: > Could not connect to server 127.0.0.1 > The username or password was not correct. > > > > But I can logon in my Domain with testuser10 with a XP CLient and I can join > Windows Workstation to the Domain with the password of Administrator, who is > a member of the Domain Admin Group and be requested at net rpc > rights.........? > The testuser10 is existing and a member of the Domain users group. > Perhaps a problem with ACL rights? > > Many thanks in advance and best regards > Andreas > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Apparently Analagous Threads
- Samba PDC LDAP HowTo 4 U
- What file gets corrupted in Samba when perms stop working correctly?
- Can not grant SeMachineAccountPrivilege on Debian Etch
- 3.0.24 What commands must be executed by root verses ntgroup="Domain Admins"?
- Using SeMachineAccountPrivilege returns NT_STATUS_NO_SUCH_PRIVILEGE