[Samba] Unable to rejoin domain, LDAP error 50
Rowland Penny
rpenny at samba.org
Tue Apr 3 15:52:37 UTC 2018
On Tue, 3 Apr 2018 17:36:35 +0200
Krzysztof Paszkowski via samba <samba at lists.samba.org> wrote:
> I'm sorry, you're absolutely right. I'm not sure why I didn't follow
> your hint. My fault.
>
> Now, it seems I have exactly the same output as you:
>
> [root at dc private]# net rpc rights list accounts -U Administrator
>
> BUILTIN\Administrators
> SeSecurityPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeSystemtimePrivilege
> SeShutdownPrivilege
> SeRemoteShutdownPrivilege
> SeTakeOwnershipPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeSystemProfilePrivilege
> SeProfileSingleProcessPrivilege
> SeIncreaseBasePriorityPrivilege
> SeLoadDriverPrivilege
> SeCreatePagefilePrivilege
> SeIncreaseQuotaPrivilege
> SeChangeNotifyPrivilege
> SeUndockPrivilege
> SeManageVolumePrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
> SeInteractiveLogonRight
> SeNetworkLogonRight
> SeRemoteInteractiveLogonRight
>
The above is the relevant set of rights for the Administrator.
Administrator is a member of the following groups:
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=samdom,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com
Amongst which is 'Administrators', so could (for whatever reason)
Administrator have been removed from the 'Administrators' group ?
Another thought, have you given 'Administrator' a uidNumber attribute ?
Or has 'Administrator' been removed from idmap.ldb ?
Rowland
More information about the samba
mailing list