Bug 2435 - Join active directory without Admin privileges
Join active directory without Admin privileges
Status: RESOLVED INVALID
Product: Samba 3.0
Classification: Unclassified
Component: net utility
3.0.10
All Linux
: P3 minor
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-09 14:53 UTC by Dan Davis
Modified: 2005-03-10 13:53 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Davis 2005-03-09 14:53:54 UTC
Is there any way to join Active Directory without admin privileges? Joining is
working just fine for Domain Admins.

But ... one way for a Windows system to join is for the administrator to
pre-create the computer account, and to set the name or group with authority to
join the computer to Active Directory.   That doesn't work with a Samba server,
however.

My Active Directory server runs Windows Server 2003.   The domain is tiny, just
like 10 machines, and it exists mainly to test things like this.  However, the
problem also occurred at Unisys when I tried it there.
Comment 1 Gerald (Jerry) Carter 2005-03-09 15:25:22 UTC
This works fine.  The configuration issue in on the ACL for
the server object in AD.  Have you admin set it correctly 
so that your user account can set the password an account 
control flags.  no bug here.
Comment 2 Dan Davis 2005-03-10 13:53:26 UTC
It looks like I can join with another account as long as I use:
     net rpc join -U notadmin

Rather than:
     net ads join -U notadmin

Can you confirm that?   I know it doesn't mention this in The Official Samba-3
HOWTO and Reference Guide.   Anyway, net ads join only works in my environment
with a Domain Admin, even if the security on the Active Directory side is good.