[Samba] Unable to join domain using ldap backend

John H Terpstra jht at samba.org
Wed Feb 2 22:40:54 GMT 2005


Get rid of the "Administrator" account. Use the "root" account instead. You 
have ambiguous names that can NOT unambiguously resolve to one identity.

ie: Is uid=0 root or is it Administrator?
    Does uid=0 map to the Administrator SID or to some other SID?

Also, use:
	net rpc join -S 'PDC_Name' -Uroot%secret

PS: It is best to populate your LDAP directory using:
	"smbldap-populate -a root",  not just the default which creates an        
	"Administrator" account.

- John T.

On Wednesday 02 February 2005 15:11, MONGAN, DAVID (JSC-DV2) (USA) wrote:
> net rpc join
> Create of workstation account failed
> User specified does not have administrator privileges
> Unable to join domain BOB
> I'm logged in as root.
> I setup ldap using the Idealx instructions and latest scripts.
> I can add users  and see the samba server  ie  smbclient -L bob
> -Uroot%secret
> I set the password for the Administrator account and it is also set uid 0.
> I set the secrets.tdb password  smbpasswd -w secret.
> I also have a ldap-secret file.
> I checked the SID for net getlocalsid to the SID's in the ldap database,
> all matched up.
> I tried running net rpc join -Uadministrator%secret
> For simplicity all the passwords I set are the same "secret".
> Could someone please explain what the command;
>   net rpc join
> is trying to authenticate?  Why can't it create a "workstations account"?
> What "administrator privileges" is it looking for?
> I am able to join the domain if I don't use the ldap backend.
> What's the magic setting for ldap?
> Thanks,
> David Mongan

John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list