[Samba] ADS Join and Insufficient Access
mmaki at adelphia.net
Tue Nov 8 23:15:16 GMT 2005
My agency is moving all users and computers to a new domain. Our current domain uses AD and the new domain will use AD. My current samba servers are running 3.0.20a with ADS security with winbind on Debian Stable (Sarge) with no problems.
I set up a test samba server using 3.0.20b, the new krb5.conf and smb.conf.
kinit works fine. ("Authenticated to Kerberos v5")
I prestage the server by adding it to my OU with rights to add it to the domain as I have always done.
When I go to add it to the domain with
net ads join -U mmaki@NEW.DOMAIN.NET
and enter my password
ads_add_machine_acct: Host account for smbtest already exists - modifying old account
(which is normal for prestaged machines)
ads_join_realm: ads_add_machine_acct failed (smbtest): Insufficient access
ads_join_realm: Insufficient access
I have no problem adding Windows workstations with the same account; it's just adding the samba server.
What could I be missing?
Here is my smb.conf:
netbios name = smbtest
workgroup = NEW
realm = NEW.DOMAIN.NET
security = ADS
password server = 10.0.1.1
log file = /usr/local/samba/var/%m.log
preferred master = No
local master = No
domain master = No
idmap uid = 10000-40000
idmap gid = 10000-40000
# winbind use default domain = Yes
winbind enum users = No
winbind enum groups = No
winbind nested groups = Yes
socket options = TCP_NODELAY
socket options = SO_RCVBUF=8192
path = /home
read only = No
admin users = "NEW\mmaki"