Michael Lueck <mlueck <at> lueckdatasystems.com> writes: > > I found the solution, or at least a work around, for my posting: "Can not grant SeMachineAccountPrivilege > on Debian Etch" > > I ended up: > 1) ssh to Debian Etch as root > 2) smbpasswd -a root > 3) issue the "net rpc rights grant ..." command > SUCCESS!!! > > So, that raises the question that what MUST be executed as user root verses a member of ntgroup="Domain Admins"?
Funny you should bring this up. I've been having the same problem but my system is security=ADS so I can't authenticate the local root user. >From the source _lsa_add_acct_rights() is supposed to allow grant to members of Domain Admins (RID 512) but that's apparently not working. se_access_check() shows my account has a sid of [getlocalsid]-512 so I should be considered as a member of Domain Admins. Time to start the debugging... -nik [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba