[Samba] net ads join requires full domain admin account?

Gerald (Jerry) Carter jerry at samba.org
Fri Feb 11 16:14:10 GMT 2005



Marc Schiffbauer wrote:

|> Problem:  I have an account that allows me to join
|> an AD domain, this works fine from any win box.  However
|> it fails with "ads_add_machine_acct (client_name):
|> Insufficient access" when I do a net ads join from a linux
|> box.  To get samba to join the domain, I have to use
|> an account with full domain admin privs. (ie net
|> ads join -Ufull_domain_admin)
|>
|> Is this expected behavior?
|
| I just wanted to confirm that. I saw the same while
| I was trying to add my Samba machine to an AD.

The ACLs on your machine object or parent OU in AD
are wrong then.  I can successfully join Samba boxes
to an AD domain without being a domain admin.





cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."    Ethan Hawke in Gattaca

