[Samba] Unable to rejoin domain, LDAP error 50
Rowland Penny
rpenny at samba.org
Tue Apr 3 16:26:33 UTC 2018
On Tue, 3 Apr 2018 18:09:18 +0200
Krzysztof Paszkowski via samba <samba at lists.samba.org> wrote:
> There was lack of membership in Administrators domain/Builtin group.
> I had only:
> Domain Users
> Group Policy Creator Owners
> Enterprise Admins
> Schema Admins
> Domain Admins
You should only have:
Domain Admins
Administrator
Enterprise Admins
You definitely shouldn't have Domain Users, this make ALL your domain
users into admins and I don't think you want that ;-)
>
> Any hint with the recreation of keytab file?
>
Do you actually need the keytab ? It is only required if something like
Dovecot needs to auth to AD.
If you do need the keytab, you can create it with samba-tool:
samba-tool domain exportkeytab
This will create a keytab with all the keytabs in it, if you just want
one keytab, add '--principal=PRINCIPAL'.
Add '--help' to the command above for more info
Rowland
More information about the samba
mailing list