I have tried applied this patch and it doesnt seem to work!
i used "bash# patch -p1 < /tmp/domain_admin-join.patch" then "./configure --prefix=/usr/local/ --with-ldapsam" then "make" then "make install"
I already have a machine account in LDAP
my user is a member of domain admins
"bash# id ws0dwi
uid=186712(ws0dwi) gid=901(uni-staff-itacs) groups=901(uni-staff-itacs),512(Domain Admins),513(Domain Users),902(uni-staff-itacs-systems),921(uni-staff-srvs),922(uni-staff-srvs-devtrust)"
On windows 2000 pro i get a msg box saying "Logon failure: unkown username or bad password"
Error logs on samba say:
[2005/01/12 10:38:07, 2] lib/smbldap.c:smbldap_open_connection(692)
smbldap_open_connection: connection opened
[2005/01/12 10:38:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: ws0dwi
[2005/01/12 10:38:07, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [ws0dwi] -> [ws0dwi] -> [ws0dwi] succeeded
[2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain UNI-STAFF -> S-1-5-21-82148923-2461359520-1342846908
[2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93)
_samr_open_domain: ACCESS DENIED (requested: 0x00000211)
[2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
Returning domain sid for domain UNI-STAFF -> S-1-5-21-82148923-2461359520-1342846908
[2005/01/12 10:38:08, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115)
_samr_create_user: ACCESS DENIED (granted: 0x00000201; required: 0x00000010)
[2005/01/12 10:38:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
init_sam_from_ldap: Entry found for user: ws0dwi
[2005/01/12 10:38:09, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [ws0dwi] -> [ws0dwi] -> [ws0dwi] succeeded
any ideas? We really need this feature!!!!!!!!
Cheers, Dan
Gerald (Jerry) Carter wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hunter Rognstad wrote:
| I've been able to succesfully join XP boxes to the samba domain on samba
| 2.2.3a (yes, I know it's old), registering the machine name and so
| forth, as many guides and so forth have shown online. However, it
| requires entering root's smbpasswd when joining the domain -- and I'd
| rather not have a Windows machine with any sort of remotely related root
| access to our servers, especially having the capability of a root login.
|
| I'm curious, since SAMBA is its own project and should be able to work
| around it, if it's possible to join the domain without allowing the user
| root to log into it. I've tried having invalid users = root, and
| experimented with the domain admin group and admin users settings to
| work around it, but to no avail. I've googled for a solution, and found
| no suggestions.
I posted an experimental patch last week that allows domains admins (defined by the group mapping) to join machines to the domain. It's at http://samba.org/~jerry/patches/post-3.0.10/
I'm reworking things now to use a privliege based model (based on code by Simo Sorce) so it will change before 3.0.11 I'm sure.
cheers, jerry ===================================================================== Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB5D0zIR7qMdg1EfYRAnaGAKCOeASLx1d2T2N+h8pKoLU/TB15WwCgtlQY VF0M7tX7v0P5eXu33p022ao= =Esrd -----END PGP SIGNATURE-----
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Daniel Wilson Systems Administrator
IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically
stated.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
