[Samba] samba-tool join domain fails

Rowland Penny rowlandpenny at googlemail.com
Wed Sep 25 06:28:06 MDT 2013


On 25/09/13 13:18, Axel wrote:
> Of course,
>
> Rowland Penny wrote:
>> On 25/09/13 12:37, Axel wrote:
>>> Anyone? Join failed - cleaning up
>>>> checking sAMAccountName
>>>> ERROR(ldb): uncaught exception - LDAP error 50 
>>>> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00000522: SecErr: DSID-031A0F44, 
>>>> problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>>>>> <>
>>>>   File 
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
>>>> line 175, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File 
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", 
>>>> line 552, in run
>>>>     machinepass=machinepass, use_ntvfs=use_ntvfs, 
>>>> dns_backend=dns_backend)
>>>>   File 
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 
>>>> 1104, in join_DC
>>>>     ctx.do_join()
>>>>   File 
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 
>>>> 1007, in do_join
>>>>     ctx.join_add_objects()
>>>>   File 
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 
>>>> 499, in join_add_objects
>>>>     ctx.samdb.add(rec)
>>>> </code>
>>>>
>>>> It seems that all prerequisites are fine. DNS, ACL etc., ping 
>>>> works fine... also resolution of FQDNs
>>>>
>>>> Can someone help?
>>>>
>>>> Thanks & Cheers
>>>>  axel
>>>>
>> Well I think this:
>>
>> ERROR(ldb): uncaught exception - LDAP error 50 
>> LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00000522: SecErr: DSID-031A0F44, 
>> problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>>
>> says it all.
>>
>> Does user intranet/admin exist and if so, do they have the right to 
>> add a machine to the domain, also have you tried replacing 
>> intranet/admin with Administrator?
>>
>> Rowland
> As I said in my first mail, that is THE Domain Administrator (renamed 
> in my environment to admin). This "admin" has all rights to this 
> domain since 2005 :)
> Same problem with another Domain-Administrator Account.
>
> I've also tried with "Administrator" like you suggested. Same issue...
>
> Thanks for your reply,
>  axel
>
OK, I did this yesterday, but with a samba4 DC joining to another samba4 
DC, try this:

kinit admin

/usr/local/samba/bin/samba-tool domain join intranet.domain.de DC -Uadmin --realm=intranet.domain.de

Rowland


