Re: Samba4 as AD member & local rights problem...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Hi Marc,

Am 19.09.2013 21:07, schrieb Marc Muehlfeld:
Am 19.09.2013 16:27, schrieb Thomas Besser:
have a samba4 server as AD member (security =ADS). I have no account
with "Domain Admin" rights, only a normal account with delegated
privilege to managing GPO and for domain join.

I can not manage the printserver resp. upload the win drivers. The
smb.conf option 'printer admin' is gone with v4.

Have a look at the print server HowTo, I wrote:

I know that.

But "net rpc rights list accounts -Uadministrator" let me estimate, that there samba4 is running as AD PDC!?

So in my environment samba4 is running as "AD member", a so called user 'Administrator' is not there.

I have a 'root' accont on linux, but this user is not known in AD (Windows 2008 R2).

Also I tried to grant the SePrintOperatorPrivilege to a normal domain
user. Got also stuck.

What went wrong?

net rpc rights grant "DOM\admin" SePrintOperatorPrivilege -U myaccount
Enter myaccount's password:
Failed to grant privileges for DOM\admin (NT_STATUS_ACCESS_DENIED)

'myaccount' has no "Domain Admin" privileges, so the error is logically.

I also tried that command with the help of a "Domain Admin", but same error message.

Every time the net command wants the 'root' password, but root is
unknown in the AD environment:

net rpc group addmem "SAMBASERVER\Administrators"
Enter root's password:
Could not connect to server
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE

.... -Uadministrator ?

That account does IMO not exist, because of AD member! The same with 'root'.


To unsubscribe from this list go to the following URL and read the

[Linux]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [Internet Dating Forums]     [RAID]     [Yosemite News]     [Photography]

Add to Google Powered by Linux