[Samba] Failed to set servicePrincipalNames 3.023rc3

Gerald (Jerry) Carter jerry at samba.org
Mon Jul 3 14:42:19 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Henrik Zagerholm wrote:
> 
> Just got a little curious on the "non-admin" part.
> I used the domain bultin Administrator account to join 
> the domain. I know this account is member of both
> domain admin and enterprise admins.
> 
> BTW Does this account need to set Primary Group to 
> Domain Admins for it to work with Samba? MS States
> that you don't need to set the primary group if you
> don't use Macintosh or other POSIX clients... so maybe
> this one need to be set to Domain Admins? (It is
> Domain Users now..)

No.  We don't worry about primary group membership.
The authorization check is done by AD anyways.
If you have ADSIedit installed, check the security
permissions for that account on the machine object.
I would expect the failure if you are restricted to
'validated writes' to dNSHostName and servicePrincipalName.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEqSzLIR7qMdg1EfYRAm0bAKCO3vRyz9fXzbo+nbiL1eokl2P0AwCdGgqH
phN+x+i+pOcfq/dy8kiBahk=
=ZvtF
-----END PGP SIGNATURE-----


More information about the samba mailing list