Hi, I've been struggling with this for a while now, and i can't figure out whats missing. I have a valid user, who is also a member of the "Domain Admins" group. I can login with smbclient just fine, but administrative rights aren't recognized when i try to join the domain. Group is mapped to the proper SID and a matching POSIX group (just in case). Backend is ldapsam. Here are the relevent chunks from ldap:
dn: sambaDomainName=**********,dc=*****,dc=*** sambaDomainName: ********** sambaSID: S-1-5-21-2608521594-2523984132-290594028 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain dn: cn=Domain Admins,ou=groups,dc=******,dc=*** objectClass: posixGroup objectClass: sambaGroupMapping cn: Domain Admins gidNumber: 1003 sambaSID: S-1-5-21-2608521594-2523984132-290594028-512 sambaGroupType: 2 memberUid: travis dn: uid=travis,ou=users,dc=******,dc=*** objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSAMAccount cn: travis sn: travis uid: travis uidNumber: 1002 gidNumber: 1003 homeDirectory: /home/travis loginShell: /bin/bash gecos: System User description: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaAcctFlags: [UX] sambaSID: S-1-5-21-2608521594-2523984132-290594028-3004 sambaPrimaryGroupSID: S-1-5-21-2608521594-2523984132-290594028-512 sambaHomeDrive: H: sambaLogonScript: travis.cmd sambaLMPassword: ******************************** sambaPwdLastSet: 1081021518 sambaNTPassword: ******************************** ------------------------ output of 'net groupmap list': Domain Users (S-1-5-21-2608521594-2523984132-290594028-513) -> Domain Users Domain Admins (S-1-5-21-2608521594-2523984132-290594028-512) -> Domain Admins Domain Guests (S-1-5-21-2608521594-2523984132-290594028-514) -> Domain Guests ------------------------ output of 'net join -d 2 -U travis *******': [2004/04/03 15:26:50, 0] param/loadparm.c:map_parameter(2418) Unknown parameter encountered: "domain admin group" [2004/04/03 15:26:50, 0] param/loadparm.c:lp_do_parameter(3056) Ignoring unknown parameter "domain admin group" [2004/04/03 15:26:50, 2] lib/interface.c:add_interface(79) added interface ip=192.168.0.4 bcast=192.168.0.255 nmask=255.255.255.0 travis password: [2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484) Got a positive name query response from 127.0.0.1 ( 192.168.0.4 ) [2004/04/03 15:26:52, 1] utils/net_ads.c:ads_startup(181) ads_connect: Connection refused [2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484) Got a positive name query response from 127.0.0.1 ( 192.168.0.4 ) [2004/04/03 15:26:52, 1] utils/net_rpc.c:run_rpc_command(138) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Create of workstation account failed User specified does not have administrator privileges Unable to join domain ************. [2004/04/03 15:26:53, 2] utils/net.c:main(767) return code = 1 ------------------------ smb.conf: passdb backend = ldapsam:ldap://********** ldap suffix = dc=*******,dc=*** ldap machine suffix = ou=computers ldap user suffix = ou=users ldap admin dn = "cn=admin,dc=netfoo,dc=org" ldap ssl = no ldap delete dn = no workgroup = ********** netbios name = ******* comment = ldap samba test server security = user null passwords = yes encrypt passwords = yes domain master = yes domain logons = yes preferred master = yes os level = 255 wins support = yes public = No browseable = yes writable = yes ------------------------ If anyone sees what I'm missing, it would be greatly appreciated. Thanks --Travis Groth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
