To put it simple id like to give our Domain Admins the same access to
Samba shares that the root user has and havent had much luck doing
this. Whenever I look this up I find that people are doing this
different ways but none seem to work. The only other thing that ive
seen people doing is adding a domain user to the sudoers list but that
means the domain user has to be logged into the linux server and then
elevate their privileges.
You may in fact be talking about different things, but the main ones I
can remember now are:
Admin rights at share level (can also be used as a global parameter)
In smb.conf:
admin users = "@[yourdoamin]\Domain Admins"
If you are talking about privileges:
net rpc rights list
net rpc rights grant
The possible privileges are:
SeMachineAccountPrivilegeAdd machines to domain
SeTakeOwnershipPrivilege Take ownership of files or other objects
SeBackupPrivilege Back up files and directories
SeRestorePrivilege Restore files and directories
SeRemoteShutdownPrivilege Force shutdown from a remote system
SePrintOperatorPrivilege Manage printers
SeAddUsersPrivilege Add users and groups to the domain
SeDiskOperatorPrivilege Manage disk shares
SeSecurityPrivilege Manage auditing and security log
For example:
net rpc rights grant "Domain Admins" SeMachineAccountPrivilege
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
