[Samba] Unable to rejoin domain, LDAP error 50
Krzysztof Paszkowski
kylo at kimpa.pl
Tue Apr 3 16:09:18 UTC 2018
There was a lack of membership in the Administrators domain/Builtin group.
I had only:
Domain Users
Group Policy Creator Owners
Enterprise Admins
Schema Admins
Domain Admins
I've added it and I'll try. Thank you.
Any hint on the recreation of the keytab file?
Regards,
Kris
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Tuesday, April 3, 2018 5:53 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Unable to rejoin domain, LDAP error 50
On Tue, 3 Apr 2018 17:36:35 +0200
Krzysztof Paszkowski via samba <samba at lists.samba.org> wrote:
> I'm sorry, you're absolutely right. I'm not sure why I didn't follow
> your hint. My fault.
>
> Now, it seems I have exactly the same output as you:
>
> [root@dc private]# net rpc rights list accounts -U Administrator
>
> BUILTIN\Administrators
> SeSecurityPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeSystemtimePrivilege
> SeShutdownPrivilege
> SeRemoteShutdownPrivilege
> SeTakeOwnershipPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeSystemProfilePrivilege
> SeProfileSingleProcessPrivilege
> SeIncreaseBasePriorityPrivilege
> SeLoadDriverPrivilege
> SeCreatePagefilePrivilege
> SeIncreaseQuotaPrivilege
> SeChangeNotifyPrivilege
> SeUndockPrivilege
> SeManageVolumePrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
> SeInteractiveLogonRight
> SeNetworkLogonRight
> SeRemoteInteractiveLogonRight
>
The above is the relevant set of rights for the Administrator.
Administrator is a member of the following groups:
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=samdom,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com
Amongst which is 'Administrators', so could (for whatever reason) Administrator have been removed from the 'Administrators' group?
Another thought, have you given 'Administrator' a uidNumber attribute?
Or has 'Administrator' been removed from idmap.ldb?
Rowland
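
An added example, not part of the thread or of Samba itself: a Python check that reads an LDIF record for the Administrator account (such as ldbsearch output) and reports which of the group memberships listed above are missing. The sample record is constructed to match the situation described in the reply, and the function names are hypothetical.

```python
import base64

# Group memberships the thread lists for Administrator, relative to the base DN.
EXPECTED_GROUPS = [
    "CN=Domain Admins,CN=Users",
    "CN=Administrators,CN=Builtin",
    "CN=Enterprise Admins,CN=Users",
    "CN=Group Policy Creator Owners,CN=Users",
    "CN=Schema Admins,CN=Users",
]

# Constructed sample record: the Builtin Administrators group is absent and one
# value is folded across two lines, as LDIF writers do with long lines.
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=samdom,DC=exampl
 e,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com
"""

def normalise(dn):
    """Lower-case a DN and trim each component (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def unfold(ldif_text):
    """Join LDIF continuation lines (lines that start with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def member_of(ldif_text):
    """Return the set of normalised memberOf DNs found in the record."""
    found = set()
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "memberof":
            continue
        if value.startswith(":"):  # "memberOf:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        found.add(normalise(value))
    return found

def missing_groups(ldif_text, base_dn):
    """List the expected groups that do not appear in memberOf."""
    have = member_of(ldif_text)
    return [g for g in EXPECTED_GROUPS if normalise(f"{g},{base_dn}") not in have]

if __name__ == "__main__":
    for group in missing_groups(SAMPLE_LDIF, "DC=samdom,DC=example,DC=com"):
        print("Administrator is not a member of:", group)
```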