[Samba] Failed to set servicePrincipalNames 3.023rc3

Gerald (Jerry) Carter jerry at samba.org
Mon Jul 3 14:42:19 GMT 2006

Hash: SHA1

Henrik Zagerholm wrote:
> Just got a little curious on the "non-admin" part.
> I used the domain bultin Administrator account to join 
> the domain. I know this account is member of both
> domain admin and enterprise admins.
> BTW Does this account need to set Primary Group to 
> Domain Admins for it to work with Samba? MS States
> that you don't need to set the primary group if you
> don't use Macintosh or other POSIX clients... so maybe
> this one need to be set to Domain Admins? (It is
> Domain Users now..)

No.  We don't worry about primary group membership.
The authorization check is done by AD anyways.
If you have ADSIedit installed, check the security
permissions for that account on the machine object.
I would expect the failure if you are restricted to
'validated writes' to dNSHostName and servicePrincipalName.

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


More information about the samba mailing list