samba - Mar 2015 - SeDiskOperatorPrivilege and 2012 R2 domain

Giving a domain user group privilege SeDiskOperatorPrivilege fails with
NT_STATUS_NO_SUCH_PRIVILEGE.

The domain is controlled by a MS 2012 R2 DC. Has this privilege been
renamed or replaced with some other privilege? How to give the domain user
group necessary rights for defining file share permission settings from MS
environment?

The RHEL 7 file server is running Samba 4.1.1-38 and the id management is
done by SSSD 1.12.2.

Thanks for any ideas,
-Tom

Hello Tom,

Am 23.03.2015 um 21:31 schrieb Tom S?derlund:
> Giving a domain user group privilege SeDiskOperatorPrivilege fails with
> NT_STATUS_NO_SUCH_PRIVILEGE.
>
> The domain is controlled by a MS 2012 R2 DC. Has this privilege been
> renamed or replaced with some other privilege? How to give the domain user
> group necessary rights for defining file share permission settings from MS
> environment?
>
> The RHEL 7 file server is running Samba 4.1.1-38 and the id management is
> done by SSSD 1.12.2.

The grant is done on the member server. So the privilege something on 
the member server and not on the DC.

Have you ensured, that "enable privleges" is not turned off somewhere
in
your smb.conf? If it's not there, then it's enabled - that's the
default.


What is the output of
# net rpc rights list accounts -U'SAMDOM\administrator'

To grant the privilege to the Domain Admins group, for example, run:
# net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege 
-U'SAMDOM\administrator'


Regards,
Marc