[Samba] Unable to join domain using ldap backend
Farkas Levente
lfarkas at bppiac.hu
Thu Feb 3 12:08:11 GMT 2005
it's a bug in rc1 already fixed in the svn and in the final 3.0.11.
John H Terpstra wrote:
> David,
>
> Get rid of the "Administrator" account. Use the "root" account instead. You
> have ambiguous names that can NOT unambiguously resolve to one identity.
>
> ie: Is uid=0 root or is it Administrator?
> Does uid=0 map to the Administrator SID or to some other SID?
>
> Also, use:
> net rpc join -S 'PDC_Name' -Uroot%secret
>
> PS: It is best to populate your LDAP directory using:
> "smbldap-populate -a root", not just the default which creates an
> "Administrator" account.
>
> - John T.
>
>
> On Wednesday 02 February 2005 15:11, MONGAN, DAVID (JSC-DV2) (USA) wrote:
>
>>net rpc join
>>
>>Create of workstation account failed
>>User specified does not have administrator privileges
>>Unable to join domain BOB
>>
>>
>>I'm logged in as root.
>>I setup ldap using the Idealx instructions and latest scripts.
>>I can add users and see the samba server ie smbclient -L bob
>>-Uroot%secret
>>I set the password for the Administrator account and it is also set uid 0.
>>I set the secrets.tdb password smbpasswd -w secret.
>>I also have a ldap-secret file.
>>I checked the SID for net getlocalsid to the SID's in the ldap database,
>>all matched up.
>>I tried running net rpc join -Uadministrator%secret
>>For simplicity all the passwords I set are the same "secret".
>>
>>Could someone please explain what the command;
>>
>> net rpc join
>>
>>is trying to authenticate? Why can't it create a "workstations account"?
>>What "administrator privileges" is it looking for?
>>
>>I am able to join the domain if I don't use the ldap backend.
>>What's the magic setting for ldap?
>>
>>Thanks,
>>
>>David Mongan
>
>
--
Levente "Si vis pacem para bellum!"
More information about the samba
mailing list