Hi all,

I want to configure a samba server (3.0.25b) with krb5-1.6.2, openldap-2.3.37 and db-4.6.18 for single sign-on purpose. I have some questions.

1. Is the AD Administrator account for Samba to kinit and net join the AD only ?
2. Can I use a common user with "Create Computer Objects" permission to kinit and net join AD ?
3. I got "Failed to join domain: Strong(er) authentication required" error message when I run net ads join using non-administrator user account. Is it the error message of using non-administrator account to net ads join ?

Can anyone help ?

Thanks,
Jeff

Eric Roseme
2007-Nov-14 15:54 UTC
[Samba] net ads join must use AD Administrator account ?
Jeff Lee wrote:
> Hi all,
>
> I want to configure a samba server (3.0.25b) with krb5-1.6.2,
> openldap-2.3.37 and db-4.6.18 for single sign-on purpose. I have some
> questions.
>
> 1. Is the AD Administrator account for Samba to kinit and net join the
> AD only ?
> 2. Can I use a common user with "Create Computer Objects" permission to
> kinit and net join AD ?
> 3. I got "Failed to join domain: Strong(er) authentication required"
> error message when I run net ads join using non-administrator user
> account. Is it the error message of using non-administrator account to
> net ads join ?
>
> Can anyone help ?
>
> Thanks,
> Jeff

Read this:

http://www.docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf

I wrote it for HP CIFS Server, but it's the same for Opensource Samba.

Eric Roseme
Hewlett-Packard

Franz Pfoertsch
2007-Nov-14 19:50 UTC
[Samba] Re: net ads join must use AD Administrator account ?
Jeff Lee wrote:

Hi Jeff,

please have a look at
http://docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf
it is from 2005

regards
Franz

> Hi all,
>
> I want to configure a samba server (3.0.25b) with krb5-1.6.2,
> openldap-2.3.37 and db-4.6.18 for single sign-on purpose. I have some
> questions.
>
> 1. Is the AD Administrator account for Samba to kinit and net join the
> AD only ?
> 2. Can I use a common user with "Create Computer Objects" permission to
> kinit and net join AD ?
> 3. I got "Failed to join domain: Strong(er) authentication required"
> error message when I run net ads join using non-administrator user
> account. Is it the error message of using non-administrator account to
> net ads join ?
>
> Can anyone help ?
>
> Thanks,
> Jeff