Privileges required to join windows domains

Sam Liddicott sam at liddicott.com
Wed Mar 21 08:24:12 MDT 2012


Samba4 libnetjoin considers failure to set msDS-SupportedEncryptionTypes to
be fatal unless the error was LDB_ERR_NO_SUCH_ATTRIBUTE

However, windows domains long have a tradition of admin privileges not
being required to join the domain, as well as being able specifically
specify a user or group who may join a machine to the domain if the machine
account is pre-created. In these cases the msDS-SupportedEncryptionTypes
attribute cannot be set when joining the domain.

I think that failure to set msDS-SupportedEncryptionTypes merits a warning,
not a fatal error. Anyone disagree?

Sam


More information about the samba-technical mailing list