[Samba] Minimum Permissions Required to Associate to a Windows
Server 2003 AD Realm
Daniel Ramaley
daniel.ramaley at DRAKE.EDU
Tue Sep 7 21:55:13 GMT 2004
I don't know about Samba specifically, but in the active directory here
i have an account just for joining Windows machines to the domain. The
account only has 2 permissions set in group policy, both of which apply
to computer objects: Write All Properties, and Reset Password.
On Tuesday 07 September 2004 03:27 pm, Tavis wrote:
>I'm setting up a windows server 2003 ADS Realm with a few samba
> servers associating to it, however i've found that the accounts on
> the DC that i use to associate samba with need to be in the
> administrator group otherwise the association fails.
> ("ads_join_realm: Insufficient access")
>
>I'm just curious what the absolute minimum privileges are on the
> Windows Server 2003 DC to allow the Samba server to Join the ADS
> Realm? I don't like the idea of giving the accounts used by samba
> administrative access, and it just doesn't seem necessary.
--
------------------------------------------------------------------------
Dan Ramaley
Digital Media Library Specialist
(515) 271-1934
Cowles Library 140, Drake University
More information about the samba
mailing list