Re: [Samba] net ads join requires full domain admin account?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Schiffbauer wrote: |> Problem: I have an account that allows me to join |> an AD domain, this works fine from any win box. However |> it fails with "ads_add_machine_acct (client_name): |> Insufficient access" when I do a net ads join from a linux |> box. To get samba to join the domain, I have to use |> an account with full domain admin privs. (ie net |> ads join -Ufull_domain_admin) |> |> Is this expected behavior? | | I just wanted to confirm that. I saw the same while | I was trying to add my Samba machine to an AD. The acls on you machine object or parent OU in AD are wrong then. I can successfully join Samba boxes to an AD domain without being a domain admin. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCDNnSIR7qMdg1EfYRAm+NAJ4tTHU1ULsnf6VCIBUlUBRFNRFaNACfWDlj IXmrB82nkQ6LYqFxAW9w0IA= =oT/C -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads join requires full domain admin account?
* [EMAIL PROTECTED] schrieb am 10.02.05 um 21:35 Uhr: > Problem: I have an account that allows me to join an AD domain, this works > fine from any win box. However it fails with "ads_add_machine_acct > (client_name): Insufficient access" when I do a net ads join from a linux > box. To get samba to join the domain, I have to use an account with full > domain admin privs. (ie net ads join -Ufull_domain_admin) > > > > Is this expected behavior? I just wanted to confirm that. I saw the same while I was trying to add my Samba machine to an AD. -Marc -- ° what is the legal age to buy alcoholic in england ? ° ° you cant buy alcoholics ° ° but if you wink the right way, ° ° some of them will follow you home for free ° -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join requires full domain admin account?
Problem: I have an account that allows me to join an AD domain, this works fine from any win box. However it fails with "ads_add_machine_acct (client_name): Insufficient access" when I do a net ads join from a linux box. To get samba to join the domain, I have to use an account with full domain admin privs. (ie net ads join -Ufull_domain_admin) Is this expected behavior? The linux box is running Fedora Core 3, samba 3.0.10-1, krb 1.3.6-2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
