|
Problem description: I'm following the Setting up a share using Windows ACLs guide, but when I reach the section "Granting the SeDiskOperatorPrivilege Privilege" I get:code:
code:
Recent changes: This is a freshly spun up VM of CentOS 7. -- Operating system: CentOS 7 x64 with KDE. System specs: VM in Hyper-V assigned 1 CPU, 4GB RAM, and 100GB storage. Location: US I have Googled and read the FAQ: Yes
|
# ? Apr 2, 2019 16:53 |
|
|
# ? May 3, 2024 13:46 |
|
Are you setting this up as a standalone server or have you joined a AD Domain, are you using the server as an AD DC or are you trying to use this as a NT4 PDC?
|
# ? Apr 2, 2019 18:42 |
|
This is a server joined to an AD domain. I can use getent to get users and groups from the DC, and I can log onto the server using domain credentials so I believe that part is working correctly.
|
# ? Apr 2, 2019 18:48 |
|
McPhearson posted:This is a server joined to an AD domain. I can use getent to get users and groups from the DC, and I can log onto the server using domain credentials so I believe that part is working correctly. You're not contacting a DC to authenticate for the rights grant, net rpc is trying to authenticate against the local system Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_ACCESS_DENIED For the NET command try adding -w|--workgroup target-workgroup which Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. You may have to add a realm=your.kerberos.REALM, security=ADS, and possibly password server = your.kerberos.server to specify what server to authenticate against in smb.conf.
|
# ? Apr 2, 2019 19:04 |
|
zharmad posted:You may have to add a realm=your.kerberos.REALM, security=ADS, and possibly password server = your.kerberos.server to specify what server to authenticate against in smb.conf. This was it! Adding that gave me a different error message: Failed to grant privileges for DOMAIN\Domain Admins (NT_STATUS_ACCESS_DENIED) That led me to some Googling and apparently instead of net rpc rights grant, I should have been using net sam rights grant. Now I have samba shares that can be managed with windows ACL's! Thank you!
|
# ? Apr 2, 2019 20:11 |