similar to: SeDiskOperatorPrivilege and 2012 R2 domain

(Re-posting to list also.. Sorry forgot Cc. -Tom) Marc, Thanks for your help and clarifications. I was indeed addressing the domain controller (2012 R2) due to my misunderstanding. Addressing the request at the file server (Samba 4) to the file server fails too but with different errors. Rights list succeeds. $ net rpc rights list accounts -UDOMAIN\\Administrator Enter

Tim, Thanks for the hint. Usermap for root applied, locally made requests fail now systematically with "Could not connect to server <server address> Connection failed: NT_STATUS_LOCK_NOT_GRANTED" It is kind of improvement :) Random things scare me. -Tom On Tue, Mar 24, 2015 at 7:40 PM, Tim <lists at kiuni.de> wrote: > Hi Tom, > > have a look at this: >

On 25/03/15 19:40, Tim wrote: > Don't be scared and take the challenge! :-) > > Reduce your smb.conf to the minimum as seen in the member server wiki and try it again. It should work then. > > Am 25. M?rz 2015 14:47:16 MEZ, schrieb "Tom S?derlund" <tom.k.soderlund at gmail.com>: >> Tim, >> >> Thanks for the hint. Usermap for root applied,

Mark, Below xxx.yyy. is my network prefix. [global] workgroup = DOMAIN realm = DOMAIN.LOCAL server string = Server %v security = ADS client signing = auto client use spnego = yes kerberos method = secrets and keytab log file = /var/log/samba/log.%m log level = 3 max log size = 50 load printers = No printcap name = /dev/null idmap config * :

Don't be scared and take the challenge! :-) Reduce your smb.conf to the minimum as seen in the member server wiki and try it again. It should work then. Am 25. M?rz 2015 14:47:16 MEZ, schrieb "Tom S?derlund" <tom.k.soderlund at gmail.com>: >Tim, > >Thanks for the hint. Usermap for root applied, locally made requests >fail >now systematically with

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 28.09.2015 um 13:22 schrieb Rowland Penny: > On 28/09/15 11:30, Steffen Weißgerber wrote: > Hello, > > after configuring kerberos and winbind for authentication against an A D > (Window 2008 R2) and succesful launching getent passwd I followed the > instructions https://wiki.samba.org/index.php/Shares_with_Windows_ACLs > for

Hi Tom, have a look at this: https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting I think this could resolve your problem by using a username mapping on your member server. Regards Tim Am 24. M?rz 2015 18:34:12 MEZ, schrieb "Tom S?derlund" <tom.k.soderlund at gmail.com>: >Mark, > >Below xxx.yyy. is my network prefix. > >[global] > workgroup

As far as I understood this privilege is available only for domains which are Active Directory domains. As you are using Samba 3.6 you shouldn't have AD domain but NT4 domain. 2015-10-01 14:49 GMT+02:00 Steffen Weißgerber <steffen at weiszgerber.de>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am 28.09.2015 um 13:22 schrieb Rowland Penny: > > On 28/09/15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hmm why, the guy at https://raymii.org/s/tutorials/SAMBA_Share_with_Active_Directory_Login_o n_Ubuntu_12.04.html does exactly this. Also the manpage e.g. for smb.conf describes the config for a connection to an AD. And after granting file rights to the share via setfacl -m g:domänen-admins:rwx /var/samba/test I can mkdir and granting rights to

Hello Tom, Am 24.03.2015 um 08:49 schrieb Tom S?derlund: > $ net rpc rights grant 'DOMAIN\Domain Admins' SeDiskOperatorPrivilege > -UDOMAIN\\Administrator > Enter DOMAIN\Administrator's password: > Failed to grant privileges for DOMAIN\Domain Admins > (NT_STATUS_ACCESS_DENIED) > > $ net rpc rights grant 'DOMAIN\Unix-admins' SeDiskOperatorPrivilege >

When setting file permissions from MS environment to a file on a Samba4 share, it can be made in clear text with human readable user/group names and the rights seem to work. However when checking the permissions again from an MS environment, instead of human readable user/group names there are plain SID numbers in their place and there is an icon apparently signifying an unknown SID. How to keep

Am 29.04.2015 um 12:58 schrieb L.P.H. van Belle: > so tell us what are your errors? > > It's hard to help without them. > Please post your smb.conf ( sanitized ) and your resolv.conf and hosts file. > and.. > you can try the command : > net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege -U'SAMDOM\administrator' -S servername.fqdn > >

I am running a file server off OEL7.1, domain member in a Windows AD. The machine was joined using realm join. Samba version is 4.1.12 from the yum repo. I am using SSSD, so no winbind here. net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege -U'SAMDOM\administrator' does not work with the errors described in

On 01/10/15 14:32, Steffen Weißgerber wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hmm why, > > the guy at > https://raymii.org/s/tutorials/SAMBA_Share_with_Active_Directory_Login_o > n_Ubuntu_12.04.html > does exactly this. > > Also the manpage e.g. for smb.conf describes the config for a connection > to an AD. > > And after granting file

On 30/04/15 09:05, Sebastian Gabler wrote: > There is something to add. Listing existing rights (any rights that > is, thus using the current, root, user) fails with the same problem: > > # net rpc rights list > Enter root's password: > Could not connect to server 127.0.0.1 > The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE >

I am logged into a new test Linux server with my personal admin account. It is a member of a Linux group which has been mapped to Domain Admins. When I issue 'net rpc rights grant auserid SeMachineAccountPrivilege' and enter the password for my personal admin account, I am returned that it failed with NT_STATUS_NO_SUCH_PRIVILEGE. 'auserid' is both a Linux account and has been

I'm having issues with a couple of areas of Samba Setup. I can see (from my Win 8.1 workstation) the shares for the server for my test share \\p30\download<file:///\\p30\download> and \\p30\bietz<file:///\\p30\bietz> my home folder. I don't have permissions to access the folders and/or can't create or delete files. I had an upgraded Active Directory domain from Windows

Hi, I have recently upgraded to 3.0.11 and the new user privileges worked fine. Since I applied the user privileges and trust patch, I am now unable to grant privileges to users or groups. The error I am getting is Failed to grant privileges for longhill\Domain Admins (NT_STATUS_NO_SUCH_PRIVILEGE) I have tried all 5 privileges and I get the same error. I suspect it has something to do with

I have samba installed and joined to a Windows domain as a member server. I would like windows admins to be able to manage shares. I have followed the docs on samba.org and I am on the last step which is to run net rpc rights grant 'SAMDOM\Domain Admins' SeDiskOperatorPrivilege -U'SAMDOM\administrator' but it fails with an access denied error. So my question is: 1.What user

Hello, I am striving to give out globally to our developers a way to debug their C++ applications, but I do not want to give them Admin rights on the individual workstations. I thought I found the light when reading on MSDN that to debug users need to be members of the "Debugger Users" group (according to VS.Net). This group seems to be created with a random SID when installing