can I join win2000 domain with normal domain user?
abartlet at samba.org
Wed May 21 15:07:27 GMT 2003
On Wed, 2003-05-21 at 22:19, lin li wrote:
> >From: Marc Kaplan <MKaplan at snapappliance.com>
> >To: Andrew Bartlett <abartlet at samba.org>, Lin Li <goldli at hotmail.com>
> >CC: samba-technical at lists.samba.org
> >Subject: RE: can I join win2000 domain with normal domain user?
> >Date: Tue, 20 May 2003 16:42:13 -0700
> > > On Wed, 2003-05-21 at 06:50, Lin Li wrote:
> > > > Hi,
> > > >
> > > > I'm using samba 3.0 alpha23. I found I need a domain admin
> > > to join the win2000 active directory. WIth a win2000 client,
> > > a normal domain user can do that. Is this a missing feature?
> > >
> > > It should work the same as a Win2k client now. That patch has been in
> > > there for a couple of months now.
> > >
> > > I'll need some more information on how the 'net join' fails.
> > >
> > > Andrew Bartlett
> > >
> >A "normal" domain user still needs permissions to join for both Win2k and
> >Samba. Even in Windows not all users can join, the need to be members of
> >proper groups, have been delegated control of a particular OU, or been
> >explicit permissions to add workstations to the domain.
> > -Marc
> Here is the error I got with 'net ads join':
> [2003/05/21 20:08:05, 1] libsmb/clikrb5.c:krb5_mk_req2(267)
> krb5_cc_get_principal failed (No credentials cache found)
> [2003/05/21 20:08:05, 0] libads/ldap.c:ads_join_realm(1361)
> ads_add_machine_acct: Insufficient access
> ads_join_realm: Insufficient access
> I can join the win2k client to the domain with the same domain user.
Can I get some traces of that? (an ethereal sniff of the Win2k client
joining the domain without an admin password)
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030521/bf296a6b/attachment.bin
More information about the samba-technical