I need help to resolve this issue. I saw that Andrew put a patch by Antti to enable users without full admin access to join samba into an AD domain. I am playing with it and always get "Insufficient access". Using the same user, I can join a Windows box into the domain just fine. The user is a member of "domain users", but not "domain admins". I can use a user in "domain admins" to join the AD domain fine too. I tried with beta3, and it's the same as alpha24 and alpha21 (a21 did not have Antti's patch).
So my question is, is this supported, or broken, or am I using it wrong? The failure happens during ldap_add_s called from ads_add_machine_acct(). I do kinit before the "net ads join" command. However I haven't found where the kerberos ticket was used before the failure although the ticket does make a difference. Thanks, Chere -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba