[Samba] Re: Joining samba to AD domain with a non-admin user

[Antti Andreimann]

Chere Zhou wrote:

> Secondly, using -U or not with net ads join does not make a difference.  I
> did debug through there to find that it is the ldap_add_s fails.  However,
> I do not see how my kerberos user principal is being used for the LDAP
> connection, though different principal does make the difference.  I guess
> it's the bind to LDAP call?  But the ads.auth.user_name is always root,
> which is the Unix account I am working on, and ads.auth.password always
> "".

Do You have /etc/krb5.conf set up with AD realms?
Can You do kinit user at ADS.REALM?

If so, can You please save and send me two ethereal dumps:
1. Successful join from windows client to AD.
2. The errorneous join from samba to AD.

Maybe I can then figure out what went wrong.

-- 
          Antti Andreimann
      Using Linux since 1993
  Member of ELUG since 29.01.2000