Thanks for the response.
Gerald Carter wrote:
Ryan,
hmm, the best option for me is to ask the AD administrator to grant the
samba SePrintOperatorPrivilege directly to the user object in Active
Directory. Where is this added in AD and what is this privilege called?
The user rights database is maintained in Samba's passdb. If
you are getting ACCESS_DENIED from smbd when you run 'net rpc
rights grant', it is because the account you are connecting as
does not have admin privileges as the Samba box.
The samba host is a domain member server (security=ADS) with winbind for
user accounts. Where is this user rights database stored and what is
the tool to assign admin privileges?
# /usr/local/samba/bin/wbinfo -i testpc1
testpc1:*:10726:10005:testpc1 papercut
test:/home/REALM/testpc1:/usr/bin/tcsh
# groups testpc1
testpc1 : root
# /usr/local/samba/bin/net rpc rights grant testpc1
SePrintOperatorPrivilege -U testpc1
Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED)
smb.conf:
http://pastebin.ca/1554626
-Ryan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
