Re: [Samba] Unable to rejoin domain, LDAP error 50




On Tue, 3 Apr 2018 17:36:35 +0200
Krzysztof Paszkowski via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I'm sorry, you're absolutely right. I'm not sure why I didn't follow
> your hint. My fault.
> 
> Now, it seems I have exactly the same output as you:
> 
> [root@dc private]# net rpc rights list accounts -U Administrator
> 
> BUILTIN\Administrators
> SeSecurityPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeSystemtimePrivilege
> SeShutdownPrivilege
> SeRemoteShutdownPrivilege
> SeTakeOwnershipPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeSystemProfilePrivilege
> SeProfileSingleProcessPrivilege
> SeIncreaseBasePriorityPrivilege
> SeLoadDriverPrivilege
> SeCreatePagefilePrivilege
> SeIncreaseQuotaPrivilege
> SeChangeNotifyPrivilege
> SeUndockPrivilege
> SeManageVolumePrivilege
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> SeEnableDelegationPrivilege
> SeInteractiveLogonRight
> SeNetworkLogonRight
> SeRemoteInteractiveLogonRight
> 

The above is the relevant set of rights for the Administrator.

Administrator is a member of the following groups:

memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=samdom,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com

Amongst which is 'Administrators', so could (for whatever reason)
Administrator have been removed from the 'Administrators' group?

Another thought, have you given 'Administrator' a uidNumber attribute?
Or has 'Administrator' been removed from idmap.ldb?

Rowland

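The first two checks raised in the message above, as an added example that is not part of the original post: it parses saved `net rpc rights list accounts` output and an LDIF dump of the Administrator object, then reports whether Administrator is still in the Builtin 'Administrators' group, which rights it would pick up through that group, and whether a uidNumber attribute is present. The function names and both sample inputs are constructed for illustration; the idmap.ldb question is not covered.

```python
import re

# Constructed sample input, shortened from the output quoted in the message.
RIGHTS_OUTPUT = """\
BUILTIN\\Administrators
SeSecurityPrivilege
SeBackupPrivilege
SeInteractiveLogonRight

BUILTIN\\Server Operators
SeBackupPrivilege
"""

# Constructed LDIF for the Administrator object (hypothetical broken state).
LDIF_BROKEN = """\
dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
uidNumber: 10000
"""

def parse_rights(text):
    """Map each account header to the set of Se* rights listed under it."""
    rights, account = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"Se\w+(Privilege|Right)", line):
            if account is not None:
                rights[account].add(line)
        elif line:  # any other non-blank line starts a new account section
            account = line
            rights.setdefault(account, set())
    return rights

def parse_ldif(text):
    """Collect attribute values from one LDIF entry (no base64, no folding)."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith((" ", "#")):
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
    return attrs

def check_administrator(rights_text, ldif_text):
    """Answer the membership and uidNumber questions from the two dumps."""
    attrs = parse_ldif(ldif_text)
    member = any(dn.lower().startswith("cn=administrators,cn=builtin,")
                 for dn in attrs.get("memberof", []))
    granted = parse_rights(rights_text).get("BUILTIN\\Administrators", set())
    return {"in_builtin_administrators": member,
            "rights_via_group": sorted(granted) if member else [],
            "has_uidnumber": "uidnumber" in attrs}
```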