[Samba] Joining a domain with a non-administrator account

Wayne Rasmussen wayne at mail.gomonarch.com
Tue Feb 8 21:46:32 GMT 2005


In Active Directory, make sure the console is set to View -> Advanced
Features.  In the OU there should be a computer account for this machine.
Open it and go to the Security tab.  Click on the Add button, then add the
user you are using with kinit.  Go to the permissions section for this user
and make sure he has the following permissions checked to allow: Read, Write,
Reset Password, Validate Write to DNS Hostname, Validate Write to Service
Principal Name.

> -----Original Message-----
> From: samba-bounces+wayne=gomonarch.com at lists.samba.org
> [mailto:samba-bounces+wayne=gomonarch.com at lists.samba.org]On Behalf Of
> David Sonenberg
> Sent: Tuesday, February 08, 2005 8:14 AM
> To: samba at lists.samba.org
> Subject: [Samba] Joining a domain with a non-administrator account
>
>
> I'm trying to set it up so I can join the domain with a regular user
> that is part of the domain admin group.  I have a user dsonenberg that
> is in the domain admin group (512), but I can't join the domain with that
> account.  For the record I can log in with that account and Administrator
> can join the domain.  The PDC has an LDAP backend.  Here's the log.
>
> [2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>   init_sam_from_ldap: Entry found for user: dsonenberg
> [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>   init_group_from_ldap: Entry found for group: 512
> [2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [dsonenberg] -> [dsonenberg] -> [dsonenberg] succeeded
> [2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571)
>   Closing connections
> [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
> [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>   init_sam_from_ldap: Entry found for user: dsonenberg
> [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>   init_group_from_ldap: Entry found for group: 512
> [2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305)
>   check_ntlm_password:  authentication for user [dsonenberg] -> [dsonenberg] -> [dsonenberg] succeeded
> [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>   Returning domain sid for domain STROZLLC -> S-1-5-21-1001378032-4272845324-1772824492
> [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
>   _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
> [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>   Returning domain sid for domain STROZLLC -> S-1-5-21-1001378032-4272845324-1772824492
> [2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
>   _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required: 0x00000010)
> [2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571)
>   Closing connections
>
> --
> David Sonenberg
> Systems / Network Administrator
> Stroz Friedberg, LLC
> 15 Maiden Lane
> 15th Floor
> New York, NY 10038
> 212.981.6527 (o) | 917.495.4918 (c)
>
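
The two ACCESS DENIED entries in the quoted log can be decoded to see which right the join was missing. This is an added example, not part of either message or of Samba's code; it assumes the masks are SAMR domain-object access rights with the bit values given in the MS-SAMR specification, and the function names are hypothetical.

```python
import re

# SAMR domain-object access rights (assumed: bit values per MS-SAMR).
DOMAIN_RIGHTS = {
    0x001: "READ_PASSWORD_PARAMETERS", 0x002: "WRITE_PASSWORD_PARAMS",
    0x004: "READ_OTHER_PARAMETERS",    0x008: "WRITE_OTHER_PARAMETERS",
    0x010: "CREATE_USER",              0x020: "CREATE_GROUP",
    0x040: "CREATE_ALIAS",             0x080: "GET_ALIAS_MEMBERSHIP",
    0x100: "LIST_ACCOUNTS",            0x200: "LOOKUP",
    0x400: "ADMINISTER_SERVER",
}
KNOWN_BITS = sum(DOMAIN_RIGHTS)

# The denied entries from the quoted log, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
[2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
[2005/02/08 10:26:26, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required: 0x00000010)
"""

DENIED = re.compile(r"(_samr_\w+): ACCESS DENIED\s+\((.*?)\)")
MASK = re.compile(r"(requested|granted|required):\s*0x([0-9a-fA-F]+)")

def decode(mask):
    """Return the right names set in mask, lowest bit first."""
    names = [name for bit, name in sorted(DOMAIN_RIGHTS.items()) if mask & bit]
    unknown = mask & ~KNOWN_BITS
    if unknown:  # keep bits outside the table visible instead of dropping them
        names.append(f"UNKNOWN(0x{unknown:x})")
    return names

def denied_calls(log_text):
    """Decode every SAMR ACCESS DENIED entry; add 'missing' when computable."""
    results = []
    for call, detail in DENIED.findall(log_text):
        masks = {kind: int(value, 16) for kind, value in MASK.findall(detail)}
        entry = {"call": call}
        entry.update({kind: decode(value) for kind, value in masks.items()})
        if "granted" in masks and "required" in masks:
            entry["missing"] = decode(masks["required"] & ~masks["granted"])
        results.append(entry)
    return results

if __name__ == "__main__":
    for entry in denied_calls(SAMPLE_LOG):
        print(entry)
```

Under that assumption, the session was granted only the lookup and read rights on the domain object, and the right required by `_samr_create_user` was not among them.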


