[Samba] can't join to a domain... can_add_account is returning
false
Gerald (Jerry) Carter
jerry at samba.org
Mon Jul 25 13:36:21 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brad Langhorst wrote:
| I have just set up a domain and am trying to join a machine to it.
| When i watch the log i see
|
| [2005/07/22 14:56:26, 5]
| rpc_server/srv_samr_nt.c:_samr_create_user(2311)
| _samr_create_user: can add this account : False
| Error: modifications require authentication
| at /usr/share/perl5/smbldap_tools.pm line 892, <DATA> line 283.
| [2005/07/22 14:56:28, 0]
| rpc_server/srv_samr_nt.c:_samr_create_user(2324)
| _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
| "newt$"' gave 127
|
| so for some reason my account (root) is not passing
| the can_add_account test and the add user script is
| not being run as root.
|
| I don't know why since root is a member of the correct groups
Technically root doesn't need any extra privileges.
Run a level 10 debug log and look for SE_PRIV to see
what privileges have been assigned though just out of
curiousity.
| Error: modifications require authentication
| at /usr/share/perl5/smbldap_tools.pm line 892, <DATA> line 283.
This implies that your script is connecting anonymously.
OpenLDAP doesn't allow anonymous updatres by default
(starting with OL 2.1 IIRC). SO you would have to add
'allow update_anon' to slapd.conf.
But of course, this is like adding 'guest account = root'
in smb.conf. :-) It's a really bad idea.
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFC5OrVIR7qMdg1EfYRAmaaAJ9xqSLofIDAk23mFVj1DLWptfuCdQCglcIS
F2cjMD7Hsthq+Wmw7EQjgOA=
=6gxb
-----END PGP SIGNATURE-----
More information about the samba
mailing list