[Samba] Joining a domain with a non-administrator account

David Sonenberg dsonenberg at strozllc.com
Thu Feb 10 23:17:17 GMT 2005 

Does anyone know?

David Sonenberg wrote:

> I guess I wasn't clear.  My PDC is samba box.  It's not Active Directory.
> Wayne Rasmussen wrote:
>
>> In Active Directory, make sure the console is view->Advance 
>> Features.  In
>> the OU there should be a computer account for this machine.  Open it 
>> and go
>> to the security tab.  Click on the add button, then add the user you are
>> using with kinit.  Go to the permissions section for this user, make 
>> sure he
>> has the following permissions  or checked to allow: Read, Write, Reset
>> Password, Validate Write to DNS Hostname, Validate Write to Service
>> Principal Name.
>>
>>  
>>
>>> -----Original Message-----
>>> From: samba-bounces+wayne=gomonarch.com at lists.samba.org
>>> [mailto:samba-bounces+wayne=gomonarch.com at lists.samba.org]On Behalf Of
>>> David Sonenberg
>>> Sent: Tuesday, February 08, 2005 8:14 AM
>>> To: samba at lists.samba.org
>>> Subject: [Samba] Joining a domain with a non-administrator account
>>>
>>>
>>> I'm trying to set it up so I can join the domain with a regular user
>>> that is part of the domain admin group.  I have a user
>>> dsonenberg that
>>> is in the domain admin group(512), but I can't join the
>>> domain with that
>>> account.  For the record I can login with that account and
>>> Administrator
>>> can join the domain.  The PDC has an LDAP backend.  Here's the log.
>>>
>>> 2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>> would close
>>> all old resources.
>>> [2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>> would close
>>> all old resources.
>>> [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>>>  init_sam_from_ldap: Entry found for user: dsonenberg
>>> [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>>>  init_group_from_ldap: Entry found for group: 512
>>> [2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305)
>>>  check_ntlm_password:  authentication for user [dsonenberg] ->
>>> [dsonenberg] -> [dsonenberg] succeeded
>>> [2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571)
>>>  Closing connections
>>> [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>> would close
>>> all old resources.
>>> [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>> would close
>>> all old resources.
>>> [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>>>  init_sam_from_ldap: Entry found for user: dsonenberg
>>> [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>>>  init_group_from_ldap: Entry found for group: 512
>>> [2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305)
>>>  check_ntlm_password:  authentication for user [dsonenberg] ->
>>> [dsonenberg] -> [dsonenberg] succeeded
>>> [2005/02/08 10:26:26, 2]
>>> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>>>  Returning domain sid for domain STROZLLC ->
>>> S-1-5-21-1001378032-4272845324-1772824492
>>> [2005/02/08 10:26:26, 2]
>>> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
>>>  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
>>> [2005/02/08 10:26:26, 2]
>>> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>>>  Returning domain sid for domain STROZLLC ->
>>> S-1-5-21-1001378032-4272845324-1772824492
>>> [2005/02/08 10:26:26, 2]
>>> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
>>>  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
>>> 0x00000010)
>>> [2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571)
>>>  Closing connections
>>>
>>> -- 
>>> David Sonenberg
>>> Systems / Network Administrator
>>> Stroz Friedberg, LLC
>>> 15 Maiden Lane
>>> 15th Floor
>>> New York, NY 10038
>>> 212.981.6527 (o) | 917.495.4918 (c)
>>>
>>> -- 
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>>
>>>   
>>
>>
>>  
>>
>
>


-- 
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)

More information about the samba mailing list