Tavis
2004-Sep-07 21:33 UTC
[Samba] Minimum Permissions Required to Associate to a Windows Server 2003 AD Realm
I'm setting up a windows server 2003 ADS Realm with a few samba servers
associating to it, however i've found that the accounts on the DC that i
use to associate samba with need to be in the administrator group
otherwise the association fails. ("ads_join_realm: Insufficient
access")
I'm just curious what the absolute minimum privileges are on the Windows
Server 2003 DC to allow the Samba server to Join the ADS Realm? I don't
like the idea of giving the accounts used by samba administrative
access, and it just doesn't seem necessary.
Daniel Ramaley
2004-Sep-07 21:55 UTC
[Samba] Minimum Permissions Required to Associate to a Windows Server 2003 AD Realm
I don't know about Samba specifically, but in the active directory here i have an account just for joining Windows machines to the domain. The account only has 2 permissions set in group policy, both of which apply to computer objects: Write All Properties, and Reset Password. On Tuesday 07 September 2004 03:27 pm, Tavis wrote:>I'm setting up a windows server 2003 ADS Realm with a few samba > servers associating to it, however i've found that the accounts on > the DC that i use to associate samba with need to be in the > administrator group otherwise the association fails. > ("ads_join_realm: Insufficient access") > >I'm just curious what the absolute minimum privileges are on the > Windows Server 2003 DC to allow the Samba server to Join the ADS > Realm? I don't like the idea of giving the accounts used by samba > administrative access, and it just doesn't seem necessary.-- ------------------------------------------------------------------------ Dan Ramaley Digital Media Library Specialist (515) 271-1934 Cowles Library 140, Drake University