samba - Jan 2016 - Unable to set SeDiskOperatorPrivilege

root at aphrodite:/# net rpc rights list accounts
-U'DOMAIN\administrator'
Enter DOMAIN\administrator's password:
BUILTIN\Print Operators
No privileges assigned

BUILTIN\Account Operators
No privileges assigned

BUILTIN\Backup Operators
No privileges assigned

BUILTIN\Server Operators
No privileges assigned

BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege

Everyone
No privileges assigned

root at aphrodite:/# getent passwd administrator
administrator:*:1904600500:1904600513:Administrator:/home/
AD.DOMAIN.COM.AU/administrator:

root at aphrodite:/# getent group "Domain Admins"
domain admins:*:1904600512:administrator

root at aphrodite:/# net rpc rights grant 'DOMAIN\Domain Admins'
SeDiskOperatorPrivilege -U'DOMAIN\administrator'
Enter DOMAIN\administrator's password:
Failed to grant privileges for DOMAIN\Domain Admins
(NT_STATUS_ACCESS_DENIED)
root at aphrodite:/#

On 15/01/16 09:07, Henry McLaughlin wrote:
> root at aphrodite:/# net rpc rights list accounts
-U'DOMAIN\administrator'
> Enter DOMAIN\administrator's password:
> BUILTIN\Print Operators
> No privileges assigned
>
> BUILTIN\Account Operators
> No privileges assigned
>
> BUILTIN\Backup Operators
> No privileges assigned
>
> BUILTIN\Server Operators
> No privileges assigned
>
> BUILTIN\Administrators
> SeMachineAccountPrivilege
> SeTakeOwnershipPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeRemoteShutdownPrivilege
> SePrintOperatorPrivilege
> SeAddUsersPrivilege
> SeDiskOperatorPrivilege
> SeSecurityPrivilege
> SeSystemtimePrivilege
> SeShutdownPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeSystemProfilePrivilege
> SeProfileSingleProcessPrivilege
> SeIncreaseBasePriorityPrivilege
> SeLoadDriverPrivilege
> SeCreatePagefilePrivilege
> SeIncreaseQuotaPrivilege
> SeChangeNotifyPrivilege
> SeUndockPrivilege
> SeManageVolumePrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
>
> Everyone
> No privileges assigned
>
> root at aphrodite:/# getent passwd administrator
> administrator:*:1904600500:1904600513:Administrator:/home/
> AD.DOMAIN.COM.AU/administrator:
>
> root at aphrodite:/# getent group "Domain Admins"
> domain admins:*:1904600512:administrator
>
> root at aphrodite:/# net rpc rights grant 'DOMAIN\Domain Admins'
> SeDiskOperatorPrivilege -U'DOMAIN\administrator'
> Enter DOMAIN\administrator's password:
> Failed to grant privileges for DOMAIN\Domain Admins
> (NT_STATUS_ACCESS_DENIED)
> root at aphrodite:/#
Have you by any chance given Administrator a uidNumber ?

Rowland

On 15 January 2016 at 21:32, Rowland penny <rpenny at samba.org> wrote:
> On 15/01/16 09:07, Henry McLaughlin wrote:
>
>> root at aphrodite:/# net rpc rights list accounts
-U'DOMAIN\administrator'
>> Enter DOMAIN\administrator's password:
>> BUILTIN\Print Operators
>> No privileges assigned
>>
>> BUILTIN\Account Operators
>> No privileges assigned
>>
>> BUILTIN\Backup Operators
>> No privileges assigned
>>
>> BUILTIN\Server Operators
>> No privileges assigned
>>
>> BUILTIN\Administrators
>> SeMachineAccountPrivilege
>> SeTakeOwnershipPrivilege
>> SeBackupPrivilege
>> SeRestorePrivilege
>> SeRemoteShutdownPrivilege
>> SePrintOperatorPrivilege
>> SeAddUsersPrivilege
>> SeDiskOperatorPrivilege
>> SeSecurityPrivilege
>> SeSystemtimePrivilege
>> SeShutdownPrivilege
>> SeDebugPrivilege
>> SeSystemEnvironmentPrivilege
>> SeSystemProfilePrivilege
>> SeProfileSingleProcessPrivilege
>> SeIncreaseBasePriorityPrivilege
>> SeLoadDriverPrivilege
>> SeCreatePagefilePrivilege
>> SeIncreaseQuotaPrivilege
>> SeChangeNotifyPrivilege
>> SeUndockPrivilege
>> SeManageVolumePrivilege
>> SeImpersonatePrivilege
>> SeCreateGlobalPrivilege
>> SeEnableDelegationPrivilege
>>
>> Everyone
>> No privileges assigned
>>
>> root at aphrodite:/# getent passwd administrator
>> administrator:*:1904600500:1904600513:Administrator:/home/
>> AD.DOMAIN.COM.AU/administrator:
>>
>> root at aphrodite:/# getent group "Domain Admins"
>> domain admins:*:1904600512:administrator
>>
>> root at aphrodite:/# net rpc rights grant 'DOMAIN\Domain
Admins'
>> SeDiskOperatorPrivilege -U'DOMAIN\administrator'
>> Enter DOMAIN\administrator's password:
>> Failed to grant privileges for DOMAIN\Domain Admins
>> (NT_STATUS_ACCESS_DENIED)
>> root at aphrodite:/#
>>
>
> Have you by any chance given Administrator a uidNumber ?
>
Yes, 10000

Was that wrong?
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>