Brad Langhorst
2005-Jul-22 19:16 UTC
[Samba] can't join to a domain... can_add_account is returning false
I have just set up a domain and am trying to join a machine to it.
When I watch the log I see

    [2005/07/22 14:56:26, 5] rpc_server/srv_samr_nt.c:_samr_create_user(2311)
      _samr_create_user: can add this account : False
    Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 892, <DATA> line 283.
    [2005/07/22 14:56:28, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2324)
      _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "newt$"' gave 127

so for some reason my account (root) is not passing the can_add_account test and the add user script is not being run as root.

I don't know why since root is a member of the correct groups

    #groups root
    root : Domain Admins Administrators

I've also tried it with "Administrator" who is a member of the same groups.

This is with the ldapsam backend for samba and libnss_ldap for linux.

I thought I'd ask while I wait for samba to compile with my debugging in there...

What did I do wrong?

brad
Gerald (Jerry) Carter
2005-Jul-25 13:36 UTC
[Samba] can't join to a domain... can_add_account is returning false
Brad Langhorst wrote:
| I have just set up a domain and am trying to join a machine to it.
| When i watch the log i see
|
| [2005/07/22 14:56:26, 5]
| rpc_server/srv_samr_nt.c:_samr_create_user(2311)
| _samr_create_user: can add this account : False
| Error: modifications require authentication
| at /usr/share/perl5/smbldap_tools.pm line 892, <DATA> line 283.
| [2005/07/22 14:56:28, 0]
| rpc_server/srv_samr_nt.c:_samr_create_user(2324)
| _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w
| "newt$"' gave 127
|
| so for some reason my account (root) is not passing
| the can_add_account test and the add user script is
| not being run as root.
|
| I don't know why since root is a member of the correct groups

Technically root doesn't need any extra privileges. Run a level 10 debug log and look for SE_PRIV to see what privileges have been assigned though just out of curiosity.

| Error: modifications require authentication
| at /usr/share/perl5/smbldap_tools.pm line 892, <DATA> line 283.

This implies that your script is connecting anonymously. OpenLDAP doesn't allow anonymous updates by default (starting with OL 2.1 IIRC). So you would have to add 'allow update_anon' to slapd.conf. But of course, this is like adding 'guest account = root' in smb.conf. :-) It's a really bad idea.

cheers, jerry

Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
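Added example, not part of either message above: a Python check that recognises the anonymous-write symptom from the quoted log and audits slapd.conf and smb.conf for the two settings the reply warns against. The function names and the sample config contents are constructed for illustration; only the LOG string is taken from the thread.

```python
import re

# Constructed sample inputs, except LOG, which is the error quoted in the thread.
SLAPD_CONF = """\
allow bind_v2
  update_anon
"""
SMB_CONF = """\
[global]
   Guest Account = root
   ; guest account = nobody
"""
LOG = "Error: modifications require authentication at /usr/share/perl5/smbldap_tools.pm line 892"

def slapd_logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return [l for l in lines if l and not l.startswith("#")]

def audit_slapd(text):
    """Return logical slapd.conf lines that enable anonymous updates."""
    hits = []
    for line in slapd_logical_lines(text):
        words = line.lower().split()
        if words[0] == "allow" and "update_anon" in words[1:]:
            hits.append(line)
    return hits

def audit_smb(text):
    """Return smb.conf lines that map the guest account to root."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Parameter names are compared ignoring case and whitespace.
        if re.sub(r"\s+", "", name).lower() == "guestaccount" and value.strip() == "root":
            hits.append(line)
    return hits

def anonymous_write_rejected(log_text):
    """True when the log shows the LDAP server refusing an unauthenticated write."""
    return "modifications require authentication" in log_text
```

An empty result from both audit functions while anonymous_write_rejected() is true means the server is still refusing anonymous writes and the remaining work is on the script's bind, not on loosening slapd.conf.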