[Samba] Joining a domain with a non-administrator account

Ryan Novosielski novosirj at umdnj.edu
Mon Feb 14 15:43:24 GMT 2005 

Yes, and Jerry Carter already wrote back to you with a list of relevant 
questions.

---- _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - User Support Spec. III
|$&| |__| |  | |__/ | \| _|  | novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Thu, 10 Feb 2005, David Sonenberg wrote:

> Does anyone know?
>
> David Sonenberg wrote:
>
>> I guess I wasn't clear.  My PDC is samba box.  It's not Active Directory.
>> Wayne Rasmussen wrote:
>> 
>>> In Active Directory, make sure the console is view->Advance Features.  In
>>> the OU there should be a computer account for this machine.  Open it and 
>>> go
>>> to the security tab.  Click on the add button, then add the user you are
>>> using with kinit.  Go to the permissions section for this user, make sure 
>>> he
>>> has the following permissions  or checked to allow: Read, Write, Reset
>>> Password, Validate Write to DNS Hostname, Validate Write to Service
>>> Principal Name.
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: samba-bounces+wayne=gomonarch.com at lists.samba.org
>>>> [mailto:samba-bounces+wayne=gomonarch.com at lists.samba.org]On Behalf Of
>>>> David Sonenberg
>>>> Sent: Tuesday, February 08, 2005 8:14 AM
>>>> To: samba at lists.samba.org
>>>> Subject: [Samba] Joining a domain with a non-administrator account
>>>> 
>>>> 
>>>> I'm trying to set it up so I can join the domain with a regular user
>>>> that is part of the domain admin group.  I have a user
>>>> dsonenberg that
>>>> is in the domain admin group(512), but I can't join the
>>>> domain with that
>>>> account.  For the record I can login with that account and
>>>> Administrator
>>>> can join the domain.  The PDC has an LDAP backend.  Here's the log.
>>>> 
>>>> 2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>>> would close
>>>> all old resources.
>>>> [2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>>> would close
>>>> all old resources.
>>>> [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>>>>  init_sam_from_ldap: Entry found for user: dsonenberg
>>>> [2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>>>>  init_group_from_ldap: Entry found for group: 512
>>>> [2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305)
>>>>  check_ntlm_password:  authentication for user [dsonenberg] ->
>>>> [dsonenberg] -> [dsonenberg] succeeded
>>>> [2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571)
>>>>  Closing connections
>>>> [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>>> would close
>>>> all old resources.
>>>> [2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
>>>>  setup_new_vc_session: New VC == 0, if NT4.x compatible we
>>>> would close
>>>> all old resources.
>>>> [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
>>>>  init_sam_from_ldap: Entry found for user: dsonenberg
>>>> [2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
>>>>  init_group_from_ldap: Entry found for group: 512
>>>> [2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305)
>>>>  check_ntlm_password:  authentication for user [dsonenberg] ->
>>>> [dsonenberg] -> [dsonenberg] succeeded
>>>> [2005/02/08 10:26:26, 2]
>>>> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>>>>  Returning domain sid for domain STROZLLC ->
>>>> S-1-5-21-1001378032-4272845324-1772824492
>>>> [2005/02/08 10:26:26, 2]
>>>> rpc_server/srv_samr_nt.c:access_check_samr_object(93)
>>>>  _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
>>>> [2005/02/08 10:26:26, 2]
>>>> rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>>>>  Returning domain sid for domain STROZLLC ->
>>>> S-1-5-21-1001378032-4272845324-1772824492
>>>> [2005/02/08 10:26:26, 2]
>>>> rpc_server/srv_samr_nt.c:access_check_samr_function(115)
>>>>  _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
>>>> 0x00000010)
>>>> [2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571)
>>>>  Closing connections
>>>> 
>>>> -- 
>>>> David Sonenberg
>>>> Systems / Network Administrator
>>>> Stroz Friedberg, LLC
>>>> 15 Maiden Lane
>>>> 15th Floor
>>>> New York, NY 10038
>>>> 212.981.6527 (o) | 917.495.4918 (c)
>>>> 
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>>> 
>>>> 
>>> 
>>> 
>>> 
>> 
>> 
>
>
> -- 
> David Sonenberg
> Systems / Network Administrator
> Stroz Friedberg, LLC
> 15 Maiden Lane
> 15th Floor
> New York, NY 10038
> 212.981.6527 (o) | 917.495.4918 (c)
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list