[Samba] Permissions on ou for net join to ADS

Unix Service (ANTS) Unix.Services at ants.co.uk
Tue Feb 24 16:16:52 GMT 2004 

Hi

I have noticed the following behaviour:

If I get a kerberos ticket as a domain admin user using kinit and then do a
net join to an ADS domain, then this works fine and net ads testjoin and net
ads leave work too.

However if I do it as a user with full control on a particular ou within the
AD tree, net join gives the following:

net join "/Global Administration/Samba Servers"
[2004/02/24 14:33:48, 0] libads/ldap.c:(1072)
  Warning: ads_set_machine_sd: NT_STATUS_INVALID_PARAMETER
Using short domain name -- AD
Joined 'host1' to realm 'AD.ME.CO.UK'

net ads test join still returns ok but net ads leave returns failed to
delete host xxxx from dddddd realm ( I do a net join again it deletes the
old entry and re adds the host ok ).

It's not causing any problems as such, but I just wondered if there was any
explanation for the above behaviour as I assumed full control on an ou would
be equivlaent to domain admin within the scope of that ou.

tim


***************************************************************************
This communication (including any attachments) contains confidential information.  If you are not the intended recipient and you have received this communication in error, you should destroy it without copying, disclosing or otherwise using its contents.  Please notify the sender immediately of the error.

Internet communications are not necessarily secure and may be intercepted or changed after they are sent.  Abbey National Treasury Services plc does not accept liability for any loss you may suffer as a result of interception or any liability for such changes.  If you wish to confirm the origin or content of this communication, please contact the sender by using an alternative means of communication.

This communication does not create or modify any contract and, unless otherwise stated, is not intended to be contractually binding.

Abbey National Treasury Services plc. Registered Office:  Abbey National House, 2 Triton Square, Regents Place, London NW1 3AN.  Registered in England under Company Registration Number: 2338548.  Regulated by the Financial Services Authority (FSA).
***************************************************************************

More information about the samba mailing list