Bug 2435 - Join active directory without Admin privileges
Summary: Join active directory without Admin privileges
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: net utility (show other bugs)
Version: 3.0.10
Hardware: All Linux
: P3 minor
Target Milestone: none
Assignee: Jim McDonough
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-03-09 14:53 UTC by Dan Davis
Modified: 2005-03-10 13:53 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Dan Davis 2005-03-09 14:53:54 UTC
Is there any way to join Active Directory without admin privileges? Joining is
working just fine for Domain Admins.

But ... one way for a Windows system to join is for the administrator to
pre-create the computer account, and to set the name or group with authority to
join the computer to Active Directory.   That doesn't work with a Samba server,

My Active Directory server runs Windows Server 2003.   The domain is tiny, just
like 10 machines, and it exists mainly to test things like this.  However, the
problem also occurred at Unisys when I tried it there.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-03-09 15:25:22 UTC
This works fine.  The configuration issue in on the ACL for
the server object in AD.  Have you admin set it correctly 
so that your user account can set the password an account 
control flags.  no bug here.
Comment 2 Dan Davis 2005-03-10 13:53:26 UTC
It looks like I can join with another account as long as I use:
     net rpc join -U notadmin

Rather than:
     net ads join -U notadmin

Can you confirm that?   I know it doesn't mention this in The Official Samba-3
HOWTO and Reference Guide.   Anyway, net ads join only works in my environment
with a Domain Admin, even if the security on the Active Directory side is good.