[Samba] Joining a domain with a non-administrator account

David Sonenberg dsonenberg at strozllc.com
Tue Feb 8 16:50:11 GMT 2005


I guess I wasn't clear.  My PDC is samba box.  It's not Active Directory.
Wayne Rasmussen wrote:

>In Active Directory, make sure the console is view->Advance Features.  In
>the OU there should be a computer account for this machine.  Open it and go
>to the security tab.  Click on the add button, then add the user you are
>using with kinit.  Go to the permissions section for this user, make sure he
>has the following permissions  or checked to allow: Read, Write, Reset
>Password, Validate Write to DNS Hostname, Validate Write to Service
>Principal Name.
>
>  
>
>>-----Original Message-----
>>From: samba-bounces+wayne=gomonarch.com at lists.samba.org
>>[mailto:samba-bounces+wayne=gomonarch.com at lists.samba.org]On Behalf Of
>>David Sonenberg
>>Sent: Tuesday, February 08, 2005 8:14 AM
>>To: samba at lists.samba.org
>>Subject: [Samba] Joining a domain with a non-administrator account
>>
>>
>>I'm trying to set it up so I can join the domain with a regular user
>>that is part of the domain admin group.  I have a user
>>dsonenberg that
>>is in the domain admin group(512), but I can't join the
>>domain with that
>>account.  For the record I can login with that account and
>>Administrator
>>can join the domain.  The PDC has an LDAP backend.  Here's the log.
>>
>>2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>>  init_sam_from_ldap: Entry found for user: dsonenberg
>>[2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>>  init_group_from_ldap: Entry found for group: 512
>>[2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305)
>>  check_ntlm_password:  authentication for user [dsonenberg] ->
>>[dsonenberg] -> [dsonenberg] succeeded
>>[2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571)
>>  Closing connections
>>[2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>>  init_sam_from_ldap: Entry found for user: dsonenberg
>>[2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>>  init_group_from_ldap: Entry found for group: 512
>>[2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305)
>>  check_ntlm_password:  authentication for user [dsonenberg] ->
>>[dsonenberg] -> [dsonenberg] succeeded
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>>  Returning domain sid for domain STROZLLC ->
>>S-1-5-21-1001378032-4272845324-1772824492
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:access_check_samr_object(93)
>>  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>>  Returning domain sid for domain STROZLLC ->
>>S-1-5-21-1001378032-4272845324-1772824492
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:access_check_samr_function(115)
>>  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
>>0x00000010)
>>[2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571)
>>  Closing connections
>>
>>--
>>David Sonenberg
>>Systems / Network Administrator
>>Stroz Friedberg, LLC
>>15 Maiden Lane
>>15th Floor
>>New York, NY 10038
>>212.981.6527 (o) | 917.495.4918 (c)
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>>    
>>
>
>  
>


-- 
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)



More information about the samba mailing list