[Samba] ads_join_realm: Insufficient access

Toby Bluhm tkbsmb at midwestinstruments.com
Fri Feb 9 13:15:26 GMT 2007 

Brijesh Shukla wrote:
> Hi Samba List;
> Kindly help me, I am stuck with this problem since long time.
> I am trying to join windows 2003 Active Directory using Linux client.
> I am able to join Windows 2003 Active directory using administrator 
> account
> (I mean if i am giving the command like
> net ads join -U administrator then it work perfectly ) 

Perfectly normal default operation.

> on the other hand if
> i try to with normal user account let say "bshukla" then I am always 
> getting
> this problem..."ads_join_realm: Insufficient access"..

User "bshukla" does not have rights to add machines to the domain. 
Again, perfectly normal default operation.

>
> On the same time I am able to access Windows 2003 Active directory with
> bshukla account using windows-xp based PC..
>
> I am astonish kerberos is working fine because I am able to get ticket on
> bshukla user account but "net ads join -U bshukla" is not giving desired
> result..

What are you trying to achieve? You are already able to add your Linux 
box to the domain and only need to do it once. By default, non-admin 
users cannot join machines to the domain. If you want user "bshukla" to 
be able to do that, the right will have to be granted in Windows AD.


> I am attaching the log of my work...
> Kindly suggest me what i have to do..
> ******************LOG FILE*************************************
>
> [root at localhost ~]# kinit bshukla at TECPDC1.CO.JP
> Password for bshukla at TECPDC1.CO.JP:
>
>
> [root at localhost ~]#  net ads join -U bshukla
>
> [2007/02/09 20:21:36, 0] libads/ldap.c:ads_add_machine_acct(1405)
>  ads_add_machine_acct: Host account for localhost already exists -
> modifying old account
> [2007/02/09 20:21:36, 0] libads/ldap.c:ads_join_realm(1763)
>  ads_join_realm: ads_add_machine_acct failed (localhost): Insufficient
> access
> ads_join_realm: Insufficient access
> ***********************End of Log****************************
>
> Thanks in advance
> Brijesh Shukla


-- 

-Toby

More information about the samba mailing list