This is part of a larger post that was maybe too complicated for me to get the right answer, so I'm breaking it down and will do it bit by bit.

Server is Samba-3 PDC, clients are NT4 & XP.

I can join the domain using root credentials (so the add machine script works), but not when using 'administrator'.

unixuser 'administrator' has primary unixgroup 'ntadmins'.
'ntadmins' is mapped to sambagroup 'Domain Admins'.
Samba 'administrator' has SID from <net getlocalsid>-500

I cannot join the domain using 'administrator' - I get error "The machine account for this computer either does not exist or is inaccessible". But if I change the unix uid/gid for 'administrator' - it works.

So...

1. To clarify, does Samba automatically map usernames in smbpasswd to identical unix usernames?

2. I was referred to the 'net' command to map some NT rights to NT groups. However, when I type 'net rpc rights list accounts' there are no domain groups listed, only 'BUILTIN\...' groups. Is this correct? Because I would like to add the SeMachineAccountPrivilege to the DOMAIN\Administrators group (if that's the right way to solve my problem).

Many thanks,
Steve :)
Steve A
2006-Jul-03 18:53 UTC
[Samba] Re: How to join a domain without using root? (Correction)
Steve A wrote:
> if I change the unix uid/gid for 'administrator' - it works.

If I change the unix uid/gid for 'administrator' to 0:0 - it works.

Steve :)
On Monday 03 July 2006 13:45, Steve A wrote:
> This is part of a larger post that was maybe too complicated for me to get
> the right answer, so I'm breaking it down and will do it bit by bit.
>
> Server is Samba-3 PDC, clients are NT4 & XP.
>
> I can join the domain using root credentials (so the add machine script
> works), but not when using 'administrator'.
>
> unixuser 'administrator' has primary unixgroup 'ntadmins'.
> 'ntadmins' is mapped to sambagroup 'Domain Admins'.
> Samba 'administrator' has SID from <net getlocalsid>-500
>
> I cannot join the domain using 'administrator' - I get error "The machine
> account for this computer either does not exist or is inaccessible". But
> if I change the unix uid/gid for 'administrator' - it works.
>
> So...
>
> 1.
> To clarify, does Samba automatically map usernames in smbpasswd to
> identical unix usernames?
>
> 2.
> I was referred to the 'net' command to map some NT rights to NT groups.
> However, when I type 'net rpc rights list accounts' there are no domain
> groups listed, only 'BUILTIN\...' groups. Is this correct? Because I
> would like to add the SeMachineAccountPrivilege to the
> DOMAIN\Administrators group (if that's the right way to solve my problem).
>

Suggest you read the chapter in the Samba3-HOWTO regarding User Rights and Privileges. The answer to your question is in there.

- John T.