Brijesh Shukla wrote:> Hi Samba List;
> Kindly help me, I am stuck with this problem since long time.
> I am trying to join windows 2003 Active Directory using Linux client.
> I am able to join Windows 2003 Active directory using administrator
> account
> (I mean if i am giving the command like
> net ads join -U administrator then it work perfectly )
Perfectly normal default operation.
> on the other hand if
> i try to with normal user account let say "bshukla" then I am
always
> getting
> this problem..."ads_join_realm: Insufficient access"..
User "bshukla" does not have rights to add machines to the domain.
Again, perfectly normal default operation.
>
> On the same time I am able to access Windows 2003 Active directory with
> bshukla account using windows-xp based PC..
>
> I am astonish kerberos is working fine because I am able to get ticket on
> bshukla user account but "net ads join -U bshukla" is not giving
desired
> result..
What are you trying to achieve? You are already able to add your Linux
box to the domain and only need to do it once. By default, non-admin
users cannot join machines to the domain. If you want user "bshukla"
to
be able to do that, the right will have to be granted in Windows AD.
> I am attaching the log of my work...
> Kindly suggest me what i have to do..
> ******************LOG FILE*************************************
>
> [root@localhost ~]# kinit bshukla@TECPDC1.CO.JP
> Password for bshukla@TECPDC1.CO.JP:
>
>
> [root@localhost ~]# net ads join -U bshukla
>
> [2007/02/09 20:21:36, 0] libads/ldap.c:ads_add_machine_acct(1405)
> ads_add_machine_acct: Host account for localhost already exists -
> modifying old account
> [2007/02/09 20:21:36, 0] libads/ldap.c:ads_join_realm(1763)
> ads_join_realm: ads_add_machine_acct failed (localhost): Insufficient
> access
> ads_join_realm: Insufficient access
> ***********************End of Log****************************
>
> Thanks in advance
> Brijesh Shukla
--
-Toby