To put it simple id like to give our Domain Admins the same access to Samba shares that the root user has and havent had much luck doing this. Whenever I look this up I find that people are doing this different ways but none seem to work. The only other thing that ive seen people doing is adding a domain user to the sudoers list but that means the domain user has to be logged into the linux server and then elevate their privileges.
You may in fact be talking about different things, but the main ones I can remember now are:
Admin rights at share level (can also be used as a global parameter) In smb.conf: admin users = "@[yourdoamin]\Domain Admins" If you are talking about privileges: net rpc rights list net rpc rights grant The possible privileges are: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege Manage auditing and security log For example: net rpc rights grant "Domain Admins" SeMachineAccountPrivilege -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
