[Samba] Unable to join domain using ldap backend
John H Terpstra
jht at samba.org
Wed Feb 2 22:40:54 GMT 2005
David,
Get rid of the "Administrator" account. Use the "root" account instead. You
have ambiguous names that can NOT unambiguously resolve to one identity.
i.e.: Is uid=0 root or is it Administrator?
Does uid=0 map to the Administrator SID or to some other SID?
Also, use:
net rpc join -S 'PDC_Name' -Uroot%secret
PS: It is best to populate your LDAP directory using:
"smbldap-populate -a root", not just the default which creates an
"Administrator" account.
- John T.
On Wednesday 02 February 2005 15:11, MONGAN, DAVID (JSC-DV2) (USA) wrote:
> net rpc join
>
> Create of workstation account failed
> User specified does not have administrator privileges
> Unable to join domain BOB
>
>
> I'm logged in as root.
> I setup ldap using the Idealx instructions and latest scripts.
> I can add users and see the samba server ie smbclient -L bob
> -Uroot%secret
> I set the password for the Administrator account and it is also set uid 0.
> I set the secrets.tdb password smbpasswd -w secret.
> I also have a ldap-secret file.
> I checked the SID for net getlocalsid to the SID's in the ldap database,
> all matched up.
> I tried running net rpc join -Uadministrator%secret
> For simplicity all the passwords I set are the same "secret".
>
> Could someone please explain what the command;
>
> net rpc join
>
> is trying to authenticate? Why can't it create a "workstations account"?
> What "administrator privileges" is it looking for?
>
> I am able to join the domain if I don't use the ldap backend.
> What's the magic setting for ldap?
>
> Thanks,
>
> David Mongan
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.