[Samba] Joining a domain with a non-administrator account
David Sonenberg
dsonenberg at strozllc.com
Tue Feb 8 16:50:11 GMT 2005
I guess I wasn't clear. My PDC is samba box. It's not Active Directory.
Wayne Rasmussen wrote:
>In Active Directory, make sure the console is view->Advance Features. In
>the OU there should be a computer account for this machine. Open it and go
>to the security tab. Click on the add button, then add the user you are
>using with kinit. Go to the permissions section for this user, make sure he
>has the following permissions or checked to allow: Read, Write, Reset
>Password, Validate Write to DNS Hostname, Validate Write to Service
>Principal Name.
>
>
>
>>-----Original Message-----
>>From: samba-bounces+wayne=gomonarch.com at lists.samba.org
>>[mailto:samba-bounces+wayne=gomonarch.com at lists.samba.org]On Behalf Of
>>David Sonenberg
>>Sent: Tuesday, February 08, 2005 8:14 AM
>>To: samba at lists.samba.org
>>Subject: [Samba] Joining a domain with a non-administrator account
>>
>>
>>I'm trying to set it up so I can join the domain with a regular user
>>that is part of the domain admin group. I have a user
>>dsonenberg that
>>is in the domain admin group(512), but I can't join the
>>domain with that
>>account. For the record I can login with that account and
>>Administrator
>>can join the domain. The PDC has an LDAP backend. Here's the log.
>>
>>2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>> init_sam_from_ldap: Entry found for user: dsonenberg
>>[2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>> init_group_from_ldap: Entry found for group: 512
>>[2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305)
>> check_ntlm_password: authentication for user [dsonenberg] ->
>>[dsonenberg] -> [dsonenberg] succeeded
>>[2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571)
>> Closing connections
>>[2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>> setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>would close
>>all old resources.
>>[2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>> init_sam_from_ldap: Entry found for user: dsonenberg
>>[2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>> init_group_from_ldap: Entry found for group: 512
>>[2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305)
>> check_ntlm_password: authentication for user [dsonenberg] ->
>>[dsonenberg] -> [dsonenberg] succeeded
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>> Returning domain sid for domain STROZLLC ->
>>S-1-5-21-1001378032-4272845324-1772824492
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:access_check_samr_object(93)
>> _samr_open_domain: ACCESS DENIED (requested: 0x00000211)
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>> Returning domain sid for domain STROZLLC ->
>>S-1-5-21-1001378032-4272845324-1772824492
>>[2005/02/08 10:26:26, 2]
>>rpc_server/srv_samr_nt.c:access_check_samr_function(115)
>> _samr_create_user: ACCESS DENIED (granted: 0x00000201; required:
>>0x00000010)
>>[2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571)
>> Closing connections
>>
>>--
>>David Sonenberg
>>Systems / Network Administrator
>>Stroz Friedberg, LLC
>>15 Maiden Lane
>>15th Floor
>>New York, NY 10038
>>212.981.6527 (o) | 917.495.4918 (c)
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>>
>>
>
>
>
--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)
More information about the samba
mailing list