MONGAN, DAVID (JSC-DV2) (USA)
2005-Feb-02 22:12 UTC
[Samba] Unable to join domain using ldap backend
net rpc join

Create of workstation account failed
User specified does not have administrator privileges
Unable to join domain BOB

I'm logged in as root.
I setup ldap using the Idealx instructions and latest scripts.
I can add users and see the samba server ie smbclient -L bob -Uroot%secret
I set the password for the Administrator account and it is also set uid 0.
I set the secrets.tdb password smbpasswd -w secret.
I also have a ldap-secret file.
I checked the SID for net getlocalsid to the SID's in the ldap database, all matched up.
I tried running net rpc join -Uadministrator%secret
For simplicity all the passwords I set are the same "secret".

Could someone please explain what the command;

net rpc join

is trying to authenticate? Why can't it create a "workstations account"?
What "administrator privileges" is it looking for?

I am able to join the domain if I don't use the ldap backend.
What's the magic setting for ldap?

Thanks,

David Mongan

David,

Get rid of the "Administrator" account. Use the "root" account instead.
You have ambiguous names that can NOT unambiguously resolve to one identity.

ie: Is uid=0 root or is it Administrator? Does uid=0 map to the Administrator SID or to some other SID?

Also, use:

net rpc join -S 'PDC_Name' -Uroot%secret

PS: It is best to populate your LDAP directory using: "smbldap-populate -a root", not just the default which creates an "Administrator" account.

- John T.

On Wednesday 02 February 2005 15:11, MONGAN, DAVID (JSC-DV2) (USA) wrote:
> net rpc join
>
> Create of workstation account failed
> User specified does not have administrator privileges
> Unable to join domain BOB
>
>
> I'm logged in as root.
> I setup ldap using the Idealx instructions and latest scripts.
> I can add users and see the samba server ie smbclient -L bob
> -Uroot%secret
> I set the password for the Administrator account and it is also set uid 0.
> I set the secrets.tdb password smbpasswd -w secret.
> I also have a ldap-secret file.
> I checked the SID for net getlocalsid to the SID's in the ldap database,
> all matched up.
> I tried running net rpc join -Uadministrator%secret
> For simplicity all the passwords I set are the same "secret".
>
> Could someone please explain what the command;
>
> net rpc join
>
> is trying to authenticate? Why can't it create a "workstations account"?
> What "administrator privileges" is it looking for?
>
> I am able to join the domain if I don't use the ldap backend.
> What's the magic setting for ldap?
>
> Thanks,
>
> David Mongan

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
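
The ambiguity described in the reply above (two accounts sharing uid 0), as an added example that is not part of the original thread: a Python check over an LDIF export that reports every uidNumber held by more than one entry, together with each entry's uid and sambaSID. The sample LDIF, its DNs and its SIDs are constructed for illustration; uidNumber and sambaSID are the posixAccount and Samba 3 schema attribute names.

```python
import base64
from collections import defaultdict

# Constructed sample export (not from the thread): two posixAccount entries
# share uidNumber 0, which is the ambiguity the reply describes.
SAMPLE_LDIF = """\
dn: uid=root,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: root
uidNumber: 0
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-500

dn: uid=Administrator,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid:: QWRtaW5pc3RyYXRvcg==
uidNumber: 0
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-
 1000

dn: uid=testuser,ou=Users,dc=example,dc=org
objectClass: posixAccount
uid: testuser
uidNumber: 1000
"""

def parse_ldif(text):
    """Yield one dict of lowercased attribute -> [values] per LDIF entry."""
    # Unfold continuation lines: a line starting with one space continues the previous one.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[attr.lower()].append(value.strip())
        if entry:
            yield dict(entry)

def ambiguous_uids(text):
    """Map each uidNumber owned by more than one entry to its (uid, SID) pairs."""
    owners = defaultdict(list)
    for e in parse_ldif(text):
        for num in e.get("uidnumber", []):
            owners[num].append((e.get("uid", ["?"])[0], e.get("sambasid", ["-"])[0]))
    return {n: o for n, o in owners.items() if len(o) > 1}
```

Feed it an LDIF export of the directory (for example from slapcat or ldapsearch); an empty result means every uidNumber resolves to exactly one entry.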