Try doing the "net rpc rights" as a
Ti Leggett wrote:
However the following fails:
net -S localhost rpc rights grant "CI\Domain Admins" SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
Reading through the logs, everything appears to be fine until it goes to
assign privileges. Here's a snip from the logs (log level = 10):
<snip>
Try doing the "net rpc rights grant" as a domain admin ("-U username") instead of as root. The Samba HOWTO states, "You must be connected as a member of the Domain Admins group to be able to grant or revoke privileges assigned to an account. This capability is inherent to the Domain Admins group and is not configurable."[2005/05/02 12:09:43, 5] rpc_parse/parse_prs.c:prs_ntstatus(672) 0000 status: NT_STATUS_ACCESS_DENIED
The LDAP logs show everything successful and there's no MODs trying to
occur.
Granting rights as root doesn't seem to work. (At least, it doesn't for me.) I don't know if that's intentional or not; the HOWTO also states, "Access as the root user (UID=0) bypasses all privilege checks," which seems to contradict the previous statement and seems to imply that not working for root is a bug.
Josh Kelley // -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
