[Samba] net ads join must use AD Administrator account ?

2007-11-14 Thread Jeff Lee 

Hi all,

I want to configure a samba server (3.0.25b) with krb5-1.6.2, 
openldap-2.3.37 and db-4.6.18 for single sign-on purpose. I have some 
questions.


1. Is the AD Administrator account for Samba to kinit and net join the 
AD only ?
2. Can I use a common user with Create Computer Objects permission to 
kinit and net join AD ?
3. I got Failed to join domain: Strong(er) authentication required 
error message when I run net ads join using non-administrator user 
account. Is it the error message of using non-administrator account to 
net ads join ?


Can anyone help ?

Thanks,
Jeff
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net ads join must use AD Administrator account ?

2007-11-14 Thread Eric Roseme 



Jeff Lee wrote:

Hi all,

I want to configure a samba server (3.0.25b) with krb5-1.6.2, 
openldap-2.3.37 and db-4.6.18 for single sign-on purpose. I have some 
questions.


1. Is the AD Administrator account for Samba to kinit and net join the 
AD only ?
2. Can I use a common user with Create Computer Objects permission to 
kinit and net join AD ?
3. I got Failed to join domain: Strong(er) authentication required 
error message when I run net ads join using non-administrator user 
account. Is it the error message of using non-administrator account to 
net ads join ?


Can anyone help ?

Thanks,
Jeff


Read this:

http://www.docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf

I wrote it for HP CIFS Server, but it's the same for Opensource Samba.

Eric Roseme
Hewlett-Packard
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba