Uh...yes? root doesn't have a samba account. 'travis' is in the domain admins group though, which is all you need to join a domain afaik. Take a look at the ldap chunks and 'net groupmap list' output. Its either something really stupid or i've uncovered a bug...according to all the documentation I've seen and examples i've followed, I haven't missed anything.
--Travis On Mon, 2004-04-05 at 02:02, Ron Dhillon wrote: > Travis, > > Are you trying to join the domain with this account that is part of the > Domain Administrators group? By design, Samba only allows the root > account to join computers to the domain. If you are using the usermap > function in your smb.conf file, the you can use any name that is aliased > to the root account. > > Ron > > Travis Groth wrote: > > >Hi, > > > >I've been struggling with this for a while now, and i can't figure out > >whats missing. I have a valid user, who is also a member of the "Domain > >Admins" group. I can login with smbclient just fine, but administrative > >rights aren't recognized when i try to join the domain. Group is > >mapped to the proper SID and a matching POSIX group (just in case). > >Backend is ldapsam. Here are the relevent chunks from ldap: > > > >dn: sambaDomainName=**********,dc=*****,dc=*** > >sambaDomainName: ********** > >sambaSID: S-1-5-21-2608521594-2523984132-290594028 > >sambaAlgorithmicRidBase: 1000 > >objectClass: sambaDomain > > > >dn: cn=Domain Admins,ou=groups,dc=******,dc=*** > >objectClass: posixGroup > >objectClass: sambaGroupMapping > >cn: Domain Admins > >gidNumber: 1003 > >sambaSID: S-1-5-21-2608521594-2523984132-290594028-512 > >sambaGroupType: 2 > >memberUid: travis > > > >dn: uid=travis,ou=users,dc=******,dc=*** > >objectClass: top > >objectClass: inetOrgPerson > >objectClass: posixAccount > >objectClass: shadowAccount > >objectClass: sambaSAMAccount > >cn: travis > >sn: travis > >uid: travis > >uidNumber: 1002 > >gidNumber: 1003 > >homeDirectory: /home/travis > >loginShell: /bin/bash > >gecos: System User > >description: System User > >sambaLogonTime: 0 > >sambaLogoffTime: 2147483647 > >sambaKickoffTime: 2147483647 > >sambaPwdCanChange: 0 > >sambaPwdMustChange: 2147483647 > >displayName: System User > >sambaAcctFlags: [UX] > >sambaSID: S-1-5-21-2608521594-2523984132-290594028-3004 > >sambaPrimaryGroupSID: S-1-5-21-2608521594-2523984132-290594028-512 > >sambaHomeDrive: H: > >sambaLogonScript: travis.cmd > >sambaLMPassword: ******************************** > >sambaPwdLastSet: 1081021518 > >sambaNTPassword: ******************************** > > > >------------------------ > > > >output of 'net groupmap list': > > > >Domain Users (S-1-5-21-2608521594-2523984132-290594028-513) -> Domain > >Users > >Domain Admins (S-1-5-21-2608521594-2523984132-290594028-512) -> Domain > >Admins > >Domain Guests (S-1-5-21-2608521594-2523984132-290594028-514) -> Domain > >Guests > > > >------------------------ > > > >output of 'net join -d 2 -U travis *******': > > > >[2004/04/03 15:26:50, 0] param/loadparm.c:map_parameter(2418) > > Unknown parameter encountered: "domain admin group" > >[2004/04/03 15:26:50, 0] param/loadparm.c:lp_do_parameter(3056) > > Ignoring unknown parameter "domain admin group" > >[2004/04/03 15:26:50, 2] lib/interface.c:add_interface(79) > > added interface ip=192.168.0.4 bcast=192.168.0.255 nmask=255.255.255.0 > >travis password: > >[2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484) > > Got a positive name query response from 127.0.0.1 ( 192.168.0.4 ) > >[2004/04/03 15:26:52, 1] utils/net_ads.c:ads_startup(181) > > ads_connect: Connection refused > >[2004/04/03 15:26:52, 2] libsmb/namequery.c:name_query(484) > > Got a positive name query response from 127.0.0.1 ( 192.168.0.4 ) > >[2004/04/03 15:26:52, 1] utils/net_rpc.c:run_rpc_command(138) > > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > >Create of workstation account failed > >User specified does not have administrator privileges > >Unable to join domain ************. > >[2004/04/03 15:26:53, 2] utils/net.c:main(767) > > return code = 1 > > > >------------------------ > >smb.conf: > > > >passdb backend = ldapsam:ldap://********** > >ldap suffix = dc=*******,dc=*** > >ldap machine suffix = ou=computers > >ldap user suffix = ou=users > >ldap admin dn = "cn=admin,dc=netfoo,dc=org" > >ldap ssl = no > > > >ldap delete dn = no > > > > workgroup = ********** > >netbios name = ******* > >comment = ldap samba test server > >security = user > >null passwords = yes > >encrypt passwords = yes > > > > domain master = yes > >domain logons = yes > >preferred master = yes > >os level = 255 > > > > > >wins support = yes > > > > > >public = No > >browseable = yes > >writable = yes > > > >------------------------ > > > > > >If anyone sees what I'm missing, it would be greatly appreciated. > > > >Thanks > > > >--Travis Groth > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
