can I join win2000 domain with normal domain user?
lin li
goldli at hotmail.com
Wed May 21 12:19:21 GMT 2003
>From: Marc Kaplan <MKaplan at snapappliance.com>
>To: Andrew Bartlett <abartlet at samba.org>, Lin Li <goldli at hotmail.com>
>CC: samba-technical at lists.samba.org
>Subject: RE: can I join win2000 domain with normal domain user?
>Date: Tue, 20 May 2003 16:42:13 -0700
>
> > On Wed, 2003-05-21 at 06:50, Lin Li wrote:
> > > Hi,
> > >
> > > I'm using samba 3.0 alpha23. I found I need a domain admin
> > to join the win2000 active directory. WIth a win2000 client,
> > a normal domain user can do that. Is this a missing feature?
> >
> > It should work the same as a Win2k client now. That patch has been in
> > there for a couple of months now.
> >
> > I'll need some more information on how the 'net join' fails.
> >
> > Andrew Bartlett
> >
>A "normal" domain user still needs permissions to join for both Win2k and
>Samba. Even in Windows not all users can join, the need to be members of
>the
>proper groups, have been delegated control of a particular OU, or been
>given
>explicit permissions to add workstations to the domain.
>
> -Marc
Here is the error I got with 'net ads join':
---------------------
[2003/05/21 20:08:05, 1] libsmb/clikrb5.c:krb5_mk_req2(267)
krb5_cc_get_principal failed (No credentials cache found)
[2003/05/21 20:08:05, 0] libads/ldap.c:ads_join_realm(1361)
ads_add_machine_acct: Insufficient access
ads_join_realm: Insufficient access
----------------------
I can join the win2k client to the domain with the same domain user.
Thanks,
Lin
_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
More information about the samba-technical
mailing list