[Samba] Re: How to join a domain without using root?
Steve A
gmane at rowyerboat.com
Mon Jul 3 22:54:22 GMT 2006
John H Terpstra wrote:
> On Monday 03 July 2006 13:45, Steve A wrote:
>> This is part of a larger post that was maybe too complicated for me to
>> get the right answer, so I'm breaking it down and will do it bit by bit.
>>
>> Server is Samba-3 PDC, clients are NT4 & XP.
>>
>> I can join the domain using root credentials (so the add machine script
>> works), but not when using 'administrator'.
>>
>> unixuser 'administrator' has primary unixgroup 'ntadmins'.
>> 'ntadmins' is mapped to sambagroup 'Domain Admins'.
>> Samba 'administrator' has SID from <net getlocalsid>-500
>>
>> I cannot join the domain using 'administrator' - I get error "The machine
>> account for this computer either does not exist or is inaccessible". But
>> if I change the unix uid/gid for 'administrator' - it works.
>>
>> So...
>>
>> 1.
>> To clarify, does Samba automatically map usernames in smbpasswd to
>> identical unix usernames?
>>
>> 2.
>> I was referred to the 'net' command to map some NT rights to NT groups.
>> However, when I type 'net rpc rights list accounts' there are no domain
>> groups listed, only 'BUILTIN\...' groups. Is this correct? Because I
>> would like to add the SeMachineAccountPrivilege to the
>> DOMAIN\Administrators group (if that's the right way to solve my
>> problem).
>>
>
> Suggest you read the chapter in the Samba3-HOWTO regarding User Rights and
> Privileges. The answer to your question is in there.
Thanks for the reply John, but I bought your book specially. Either it
doesn't answer all my questions, or I'm clearly misunderstanding it. I
tried all this stuff but there was no way I could get it to say
"Successfully granted rights", although it would appear to successfully
remove them even though the 'list accounts' wouldn't show them. I started
from scratch and at this stage it now works. I don't know what was wrong
but hey...
Steve :)