Re: [Samba] Joining a domain with a non-administrator account

[David Sonenberg]

I guess I wasn't clear.  My PDC is samba box.  It's not Active Directory.
Wayne Rasmussen wrote:

In Active Directory, make sure the console is view->Advance Features.  In
the OU there should be a computer account for this machine.  Open it and go
to the security tab.  Click on the add button, then add the user you are
using with kinit.  Go to the permissions section for this user, make sure he
has the following permissions  or checked to allow: Read, Write, Reset
Password, Validate Write to DNS Hostname, Validate Write to Service
Principal Name.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
David Sonenberg
Sent: Tuesday, February 08, 2005 8:14 AM
To: samba@lists.samba.org
Subject: [Samba] Joining a domain with a non-administrator account

I'm trying to set it up so I can join the domain with a regular user
that is part of the domain admin group.  I have a user
dsonenberg that
is in the domain admin group(512), but I can't join the
domain with that
account.  For the record I can login with that account and
Administrator
can join the domain.  The PDC has an LDAP backend.  Here's the log.

2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we
would close
all old resources.
[2005/02/08 10:26:25, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we
would close
all old resources.
[2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: dsonenberg
[2005/02/08 10:26:25, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 512
[2005/02/08 10:26:25, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [dsonenberg] ->
[dsonenberg] -> [dsonenberg] succeeded
[2005/02/08 10:26:25, 2] smbd/server.c:exit_server(571)
 Closing connections
[2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we
would close
all old resources.
[2005/02/08 10:26:26, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we
would close
all old resources.
[2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: dsonenberg
[2005/02/08 10:26:26, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 512
[2005/02/08 10:26:26, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [dsonenberg] ->
[dsonenberg] -> [dsonenberg] succeeded
[2005/02/08 10:26:26, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain STROZLLC ->
S-1-5-21-1001378032-4272845324-1772824492
[2005/02/08 10:26:26, 2]
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x00000211)
[2005/02/08 10:26:26, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain STROZLLC ->
S-1-5-21-1001378032-4272845324-1772824492
[2005/02/08 10:26:26, 2]
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
 _samr_create_user: ACCESS DENIED (granted: 0x00000201;  required:
0x00000010)
[2005/02/08 10:26:26, 2] smbd/server.c:exit_server(571)
 Closing connections

--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba