[Samba] joining a domain

Barry Haycock Barry.Haycock at cybertrust.com
Wed Jul 27 02:33:13 GMT 2005


I have an openldap server configured to be the back end of a PDC.

Using samba 3.0.10

I can use smbclient -L host -U uid to connect to the domain server and
see shares.

>From a windows box I can browse to the domain and use a login to login
to a share.

But when I try and add a host to the domain I get an error message of
"Access Denied"

Going through the ldap logs I see no acl denied errors.

The only error I can find in samba is

Logging level 6
0008 Status: NT_STATUS_ACCESS_DENIED 

logging level 2
[2005/07/27 10:27:11, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED  (requested: 0000000211)
[2005/07/27 10:27:11, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain SAFER ->
S-1-5-21-873056956-1700891030-3564651719
[2005/07/27 10:27:11, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0000000201;  required:
0000000010)
[2005/07/27 10:27:11, 2] smbd/server.c:exit_server(571)
  Closing connections

I have found a number of similar errors on google but no answers.

Can anyone point to some error I might have made?

in smb.conf I have
o level = 32
perferred master = yes
domain master = yes
domain logons = yes
security = user
encrypt passwords = yes
null passwords = yes

I have substantially more logs if needed but didn't want to fill up the
list with them.

Barry


More information about the samba mailing list