Hi Marc, Am 19.09.2013 21:07, schrieb Marc Muehlfeld:
Am 19.09.2013 16:27, schrieb Thomas Besser:have a samba4 server as AD member (security =ADS). I have no account with "Domain Admin" rights, only a normal account with delegated privilege to managing GPO and for domain join. I can not manage the printserver resp. upload the win drivers. The smb.conf option 'printer admin' is gone with v4.Have a look at the print server HowTo, I wrote: http://wiki.samba.org/index.php/Samba_as_a_print_server
I know that.But "net rpc rights list accounts -Uadministrator" let me estimate, that there samba4 is running as AD PDC!?
So in my environment samba4 is running as "AD member", a so called user 'Administrator' is not there.
I have a 'root' accont on linux, but this user is not known in AD (Windows 2008 R2).
Also I tried to grant the SePrintOperatorPrivilege to a normal domain user. Got also stuck.What went wrong? http://wiki.samba.org/index.php/Samba_as_a_print_server#Granting_print_operator_privileges
net rpc rights grant "DOM\admin" SePrintOperatorPrivilege -U myaccount Enter myaccount's password: Failed to grant privileges for DOM\admin (NT_STATUS_ACCESS_DENIED) 'myaccount' has no "Domain Admin" privileges, so the error is logically.I also tried that command with the help of a "Domain Admin", but same error message.
Every time the net command wants the 'root' password, but root is unknown in the AD environment: net rpc group addmem "SAMBASERVER\Administrators" Enter root's password: Could not connect to server 127.0.0.1 The username or password was not correct. Connection failed: NT_STATUS_LOGON_FAILURE.... -Uadministrator ?
That account does IMO not exist, because of AD member! The same with 'root'. Regards Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Linux] [Info Cyrus] [LARTC] [Bugtraq] [Netfilter] [Internet Dating Forums] [RAID] [Yosemite News] [Photography]