similar to: net rpc SeDiskOperatorPrivilege failing for domain user

Hi, I have a samba server setup as a domain member. I am trying to grant SeDiskOperatorPrivilege to some user accounts e.g. "domainaname\User", but I always get the above error. It doesnot matter what I specify as the server in -S option to the command. The command syntax I use is: net rpc rights grant "username" SeDiskOperatorPrivilege OR net -S ADserver -U

(Re-posting to list also.. Sorry forgot Cc. -Tom) Marc, Thanks for your help and clarifications. I was indeed addressing the domain controller (2012 R2) due to my misunderstanding. Addressing the request at the file server (Samba 4) to the file server fails too but with different errors. Rights list succeeds. $ net rpc rights list accounts -UDOMAIN\\Administrator Enter

I am having trouble giving the Domain Admin group the 'SeDiskOperatorPrivilege' privilege on a member server. Running 'net rpc rights list accounts -UAdministrator' Results in this: Enter Administrator's password: BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server

We’ve just recently moved over to Samba 4. It looks as if “force directory security mode” doesn’t work in samba 4. So I’m trying to setup the Windows ACLs on our groups share. I’ve been working on this for a few days. I’ve read over the docs, it seems like all the google links are purple and I’m still stuck. Hopefully someone here will have an idea. We’re running Windows 2008R2 for our AD

Mark, Below xxx.yyy. is my network prefix. [global] workgroup = DOMAIN realm = DOMAIN.LOCAL server string = Server %v security = ADS client signing = auto client use spnego = yes kerberos method = secrets and keytab log file = /var/log/samba/log.%m log level = 3 max log size = 50 load printers = No printcap name = /dev/null idmap config * :

On 25/03/15 19:40, Tim wrote: > Don't be scared and take the challenge! :-) > > Reduce your smb.conf to the minimum as seen in the member server wiki and try it again. It should work then. > > Am 25. M?rz 2015 14:47:16 MEZ, schrieb "Tom S?derlund" <tom.k.soderlund at gmail.com>: >> Tim, >> >> Thanks for the hint. Usermap for root applied,

I switched to rid module of idmapping and now winbind offers all groups and I can set SeDiskOperatorPrivilege. getent group and getent passwd are now working! Am 9. Januar 2015 15:21:32 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 13:47, Tim wrote: >> Hello all, >> >> I have a AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307

I fail to set SeDiskOperatorPrivilege on a samba DM and I suspect the german umlauts: # wbinfo -g dom�nencomputer dom�nen-benutzer dom�nen-g�ste dom�nen-admins (bad locale, umlauts displayed as special ugly chars) but the group "domänen-admins" = "Domain Admins" is there. now: # net rpc rights grant "CUSTOMER\domänen-admins" SeDiskOperatorPrivilege -U

On 03/06/2019 12:29, Kacper Wirski via samba wrote: > Hello, > > Since nobody picked this up I will try to answer myself (hopefully > correctly). > > I think I just misread documentation on wiki, but I would really > appreciate a clarification. In the wiki it states: > > "To enable other accounts than the domain administrator to set > permissions on Windows,

root at aphrodite:/# net rpc rights list accounts -U'DOMAIN\administrator' Enter DOMAIN\administrator's password: BUILTIN\Print Operators No privileges assigned BUILTIN\Account Operators No privileges assigned BUILTIN\Backup Operators No privileges assigned BUILTIN\Server Operators No privileges assigned BUILTIN\Administrators SeMachineAccountPrivilege SeTakeOwnershipPrivilege

Hello, I've been setting up new file server using samba 4.8.3 (centos 7 RPM), as samba 4 AD member server using my earlier smb.conf when I realised that I was  previously somewhat circumventing the SeDiskOperatorPrivilege by using "admin users map" to SAMDOM\Domain admins" parameter in smb.conf. I decided to change my smb.conf and setup shares following samba wiki. All

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hmm why, the guy at https://raymii.org/s/tutorials/SAMBA_Share_with_Active_Directory_Login_o n_Ubuntu_12.04.html does exactly this. Also the manpage e.g. for smb.conf describes the config for a connection to an AD. And after granting file rights to the share via setfacl -m g:domänen-admins:rwx /var/samba/test I can mkdir and granting rights to

Tim, Thanks for the hint. Usermap for root applied, locally made requests fail now systematically with "Could not connect to server <server address> Connection failed: NT_STATUS_LOCK_NOT_GRANTED" It is kind of improvement :) Random things scare me. -Tom On Tue, Mar 24, 2015 at 7:40 PM, Tim <lists at kiuni.de> wrote: > Hi Tom, > > have a look at this: >

When I switch back to backend ad, getent passwd returns nothing - getent group only returns by adding a dedicated group name. There is at least one user and one group with Id set in ad. Am 9. Januar 2015 16:29:39 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 15:19, Tim wrote: >> I switched to rid module of idmapping and now winbind offers all >>

I have sssd configured and working with my domain member server and I now wish to grant the SeDiskOperatorPrivilege to the "MYDOMAIN\Domain Admins" group. When I execute the command it appears to disregard the domain name and grant the privileges to the group "Unix Group\domain admins" net rpc rights list accounts -U'MYDOMAIN\administrator' Enter

Sorry, I have to correct: libnss_winbind.so.2 is located in /lib64 Thanks Am 9. Januar 2015 15:21:32 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 13:47, Tim wrote: >> Hello all, >> >> I have a AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 >and function level 2008_R2. This one works so far and I can manage the >AD from a

That's what I tried to say. I set the gid/uid attribs in Unix tab. Am 9. Januar 2015 16:44:28 MEZ, schrieb Rowland Penny <rowlandpenny at googlemail.com>: >On 09/01/15 15:40, Tim wrote: >> When I switch back to backend ad, getent passwd returns nothing - >> getent group only returns by adding a dedicated group name. >> There is at least one user and one group with

Kind regards, Henry McLaughlin 0411 444 363 (Mobile) henry at incred.com.au PO Box 329 Romsey VIC 3434 On 15 January 2016 at 23:24, Rowland penny <rpenny at samba.org> wrote: > On 15/01/16 12:08, Henry McLaughlin wrote: > >> >> >> On 15 January 2016 at 22:28, Rowland penny <rpenny at samba.org <mailto: >> rpenny at samba.org>> wrote: >>

Hello all, I have a AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 and function level 2008_R2. This one works so far and I can manage the AD from a windows client. Now I setup a member server based on CentOS7 with sernet samba 4.1.14 just like the wiki advises with the same smb.conf (realm etc is configured to my needs. I joined the AD and configured nsswitch. wbinfo works so far

On 20 January 2016 at 06:43, Rowland penny <rpenny at samba.org> wrote: > On 19/01/16 19:34, Henry McLaughlin wrote: > >> I have sssd configured and working with my domain member server and I now >> wish to grant the SeDiskOperatorPrivilege to the "MYDOMAIN\Domain Admins" >> group. When I execute the command it appears to disregard the domain name >>