Unable to use NSS Rights Utility for AD users
I'm trying to use the "rights" command line tool to manage trustee rights for directories on an NSS volume.
I can use it without issue for eDirectory users however when I try to use it for AD users I get an error.
I referenced the documentation here:
and it says:
"For Active Directory users, use the netbios name of the AD domain followed by the user name. For example, NETBIOSNameOfDomain\\user. "
NFARM works fine however I am trying to automate some processes which require me to use this tool in a script.
Here is an example of what I've been trying:
rights -f folder delete domain\\username
This results in:
Error removing trustee: Error: -610. NITERR_UNKNOWN_ERROR.
Bad user name.
I have also tried using only one \ which I didn't expect to work and got almost the same error message except the error code was -601. I have tried using quotes around the username and also the full user DN. None of these worked either.
These servers were configured by a previous member of the team who left before I joined so I have inherited them without much knowledge of their history.
If anyone has any suggestions it would be appreciated.
Please try the command as follows:
rights -f folder delete domain\\username -a
You should include -a in the rights command when adding, modifying, or removing AD trustees.