Also, using a windows XP client, i can join the machine to the ads realm using the same account that i try to use (and fails) with the samba server
ADS Server, is Windows Server 2003 Enterprise running in forest and domain mode of windows server 2003, there must be some permission that Samba requires to join an ADS Realm that i'm not aware of.. has anyone else come across a similar problem?
Samba version is 3.0.6, if anyone is following this let me know if you need a debug log, although it seems that its purely a windows configuration issue
Daniel Ramaley wrote:
I don't know about Samba specifically, but in the active directory here i have an account just for joining Windows machines to the domain. The account only has 2 permissions set in group policy, both of which apply to computer objects: Write All Properties, and Reset Password.
On Tuesday 07 September 2004 03:27 pm, Tavis wrote:
I'm setting up a windows server 2003 ADS Realm with a few samba servers associating to it, however i've found that the accounts on the DC that i use to associate samba with need to be in the administrator group otherwise the association fails. ("ads_join_realm: Insufficient access")
I'm just curious what the absolute minimum privileges are on the
Windows Server 2003 DC to allow the Samba server to Join the ADS
Realm? I don't like the idea of giving the accounts used by samba
administrative access, and it just doesn't seem necessary.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
