[Samba] unable to join domain hosted by 3.0 PDC

Wed Jul 21 17:14:00 GMT 2004

I ran into a similar problem and finally determine that I didn't have 
the group mapping correct.  Do a "net groupmap list" a verify the your 
"Domain Admins" group is mapped to the correct unix group and that 
whatever user you're using is in that group.

I was having trouble mostly because of my own stupidity, and a few ldap 
issues.  I used a "net groupmap add" instead of the proper "net 
groupmap modify" then I ran into a nss_ldap problem, since all my users 
live in ldap.

Derek

On Jul 21, 2004, at 8:30 AM, Jeff Layton wrote:

> On Wed, Jul 21, 2004 at 01:54:52PM +0200, Nikola Vanevski wrote:
>> Hi!
>>
>> I experienced the same problem a couple of days ago. It is a
>> misconfiguration in global parameters, but I don't exactly know 
>> where. I
>> copied the smb.conf [Globals] options from a working server and it 
>> fixed
>> the problem. Because I was in a great hurry, I did not check where 
>> did I
>> go wrong. Here are the parameters that worked on _my_ server :
>> (smbpasswd backend)
>>
>> [global]
>>    workgroup = MBPR2
>>    server string = Samba Server
>>    interfaces = 127.0.0.1, eth0
>>    bind interfaces only = Yes
>>    map to guest = Bad User
>>    username map = /etc/samba/smbusers
>>    add machine script = /usr/sbin/useradd  -c Machine -d
>> /var/lib/nobody -s /bin/false %m$
>>    logon path =
>>    logon home =
>>    domain logons = Yes
>>    os level = 65
>>    preferred master = Yes
>>    domain master = Yes
>>    ldap suffix = dc=example,dc=com
>>    ldap ssl = no
>>    printer admin = @ntadmin, root, administrator
>>
>> Hope this helps. If you find what's going on (like the difference
>> between your settings and these), Id like to know.
>>
>> Greetings
>>
>> Nino
>
> Thanks for the info. I eventually found another way to solve it. I had:
>
>   invalid users = root
>
> so I commented that out, and was then able to use the root account to
> join the domain. I'd like to be able to figure out how to do it using a
> non-root account, though. Apparently it should be possible to do so if
> the account is a member of the Domain Admins, but that didn't seem to
> work for me.
>
> It would be nice to know what privileges are required to add machines 
> to
> the domain, so you could delegate out that privilege without having to
> use the root account. Any samba experts care to comment?
>
> -- Jeff
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
"This world is a comedy to those who think and a tragedy to those who 
feel."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040721/30005de5/PGP.bin