
Re: [Samba] Unable to rejoin domain, LDAP error 50




On Tue, 3 Apr 2018 18:09:18 +0200
Krzysztof Paszkowski via samba <samba@xxxxxxxxxxxxxxx> wrote:

> There was a lack of membership in Administrators domain/Builtin group.
> I had only:
> Domain Users
> Group Policy Creator Owners
> Enterprise Admins
> Schema Admins
> Domain Admins

You should only have:

Domain Admins
Administrator
Enterprise Admins

You definitely shouldn't have Domain Users, this makes ALL your domain
users into admins and I don't think you want that ;-)

> 
> Any hint with the recreation of keytab file?
> 

Do you actually need the keytab? It is only required if something like
Dovecot needs to auth to AD.

If you do need the keytab, you can create it with samba-tool:

samba-tool domain exportkeytab

This will create a keytab with all the keytabs in it; if you just want
one keytab, add '--principal=PRINCIPAL'.

Add '--help' to the command above for more info.

Rowland
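
The membership check implied by the reply above, as an added example that is not part of the original message: a shell function that reads the output of `samba-tool group listmembers Administrators` (one member name per line) and flags anything outside the three entries Rowland lists. The function name and the sample member list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Administrators group against the three members
# named in the reply. Real use on a DC (assumed invocation):
#   samba-tool group listmembers Administrators | audit_admin_members

EXPECTED='Domain Admins
Administrator
Enterprise Admins'

# Reads member names on stdin, one per line.
# Prints "UNEXPECTED: <name>" for members not in EXPECTED and
# "MISSING: <name>" for expected members that are absent.
# Returns 0 when the list matches exactly, 1 otherwise.
audit_admin_members() {
    # Normalise: strip CRs, trim whitespace, drop blank lines and duplicates.
    members=$(tr -d '\r' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        sort -u)
    status=0

    # Anything present that is not on the expected list (e.g. Domain Users).
    while IFS= read -r m; do
        [ -n "$m" ] || continue
        # -i: AD names are case-insensitive; -x/-F: exact whole-line match.
        if ! printf '%s\n' "$EXPECTED" | grep -qixF -- "$m"; then
            printf 'UNEXPECTED: %s\n' "$m"
            status=1
        fi
    done <<EOF
$members
EOF

    # Anything expected that is not present.
    while IFS= read -r e; do
        if ! printf '%s\n' "$members" | grep -qixF -- "$e"; then
            printf 'MISSING: %s\n' "$e"
            status=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$status"
}

# Constructed sample input: the expected members plus Domain Users.
printf 'Domain Admins\nAdministrator\nEnterprise Admins\nDomain Users\n' |
    audit_admin_members || true
```

A non-zero return makes the function usable from cron or a monitoring check, with the printed lines identifying which entries to review.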
