net rpc rights” Utility">
Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Samba HowTo Guide
Prev Home Next

Using the “net rpc rights” Utility

There are two primary means of managing the rights assigned to users and groups on a Samba server. The NT4 User Manager for Domains may be used from any Windows NT4, 2000, or XP Professional domain member client to connect to a Samba domain controller and view/modify the rights assignments. This application, however, appears to have bugs when run on a client running Windows 2000 or later; therefore, Samba provides a command-line utility for performing the necessary administrative actions.

The net rpc rights utility in Samba 3.0.11 has three new subcommands:

list [name|accounts]

When called with no arguments, net rpc list simply lists the available rights on the server. When passed a specific user or group name, the tool lists the privileges currently assigned to the specified account. When invoked using the special string accounts, net rpc rights list returns a list of all privileged accounts on the server and the assigned rights.

grant <user> <right [right ...]>

When called with no arguments, this function is used to assign a list of rights to a specified user or group. For example, to grant the members of the Domain Admins group on a Samba domain controller, the capability to add client machines to the domain, one would run:

root#  net -S server -U domadmin rpc rights grant \
	 'DOMAIN\Domain Admins' SeMachineAccountPrivilege

The following syntax has the same result:

root#  net rpc rights grant 'DOMAIN\Domain Admins' \
     SeMachineAccountPrivilege -S server -U domadmin

More than one privilege can be assigned by specifying a list of rights separated by spaces. The parameter 'Domain\Domain Admins' must be quoted with single ticks or using double-quotes to prevent the backslash and the space from being interpreted by the system shell.

revoke <user> <right [right ...]>

This command is similar in format to net rpc rights grant . Its effect is to remove an assigned right (or list of rights) from a user or group.

Samba HowTo Guide
Prev Home Next

 
 
  Published under the terms fo the GNU General Public License Design by Interspire