[Techtalk] samba experts?
Elwing
elwing at elwing.org
Sat Oct 1 01:25:41 EST 2005
At work, we're trying to help a client join a Solaris machine to a
Windows 2000 domain using Kerberos authentication and Samba 3.0.14a.
We have a test Solaris box, but our domain is Win2k3 and very default
settings, whereas I'm sure the client's is a bit more strict.
we have no issues with joining the domain on our solaris machine, but
they are having Insufficient Access errors:
hostname# net ads join -d 2
....
ads_add_machine_acct: Host account for hostname already exists -
modifying old account
[2005/09/30 10:07:47, 0] libads/ldap.c:ads_join_realm(1763)
ads_join_realm: ads_add_machine_acct failed (hostname):
Insufficient access
ads_join_realm: Insufficient access
hostname#
The client is able to get a kerberos ticket successfully using kinit,
her Windows account has permission to add a machine to the domain,
but we're still getting insufficient access.
The only known difference between the configurations (other than the
2000 vs 2003) is that their domain requires the machine account to be
created first before one can be added.
I've searched through samba documentation and google without luck to
discover if this matters.
The log shows that it sees an existing account and it's trying to
modify it, so I don't think that it would matter.
Any ideas? or any suggestions on google magic words to try to find it?
Elwing
More information about the Techtalk
mailing list