[Samba] Access denied when joining

[David Janssens]

Hello,

I wonder what I miss, my installation worked perfectly until my upgrade
to 3.0.23c version.
This is an ldap-based install and I use the following directive to add
machines (IDEALX script) :
add machine script = /usr/sbin/smbldap-useradd -w '%u'

1) Now, under WinXP, joining a new computer to domain fail with the
message "Access denied".

2) Under linux the command
	net join -Uroot -Ssrv
results in message :
	Creation of workstation account failed
	User specified does not have administrator privileges
	Unable to join domain dom01

3) The existing computer-accounts work perfectly.

4) When adding the computer manually with the command "smbpasswd -a -m
machine" , the join works.

5) Some suspect lines in the logs :
	the following lines are shown when the samba starting up
[snip]
ldapsam_getgroup: Did not find group
fetch gid from cache 10034 -> S-1-5-32-544
fetch gid from cache 10035 -> S-1-5-32-545
get_privileges: No privileges assigned to SID
[S-1-5-21-2956855470-868800762-1351664614-501]
get_privileges: No privileges assigned to SID [S-1-22-2-65534]
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-32-546]
ldapsam_getgroup: Did not find group
ldapsam_getgroup: Did not find group
ldapsam_getgroup: Did not find group
[snip]
	the following lines are shown when joining
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
ldapsam_getsampwnam: Unable to locate user [PT-DAVID$] count=0
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
get_md4pw: Workstation PT-DAVID$: no account in domain
_net_auth2: failed to get machine password for account PT-DAVID$:
NT_STATUS_ACCESS_DENIED
free_pipe_context: destroying talloc pool of size 56