Unable To Join Workstation To Samba Domain: ERROR: ACCESS_DENIED or User Name Could Not Be Found

This document (7005562) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10

Situation

While trying to join a workstation to a Samba domain, the following errors may be encountered (on the client/workstation):
  • ERROR: The following error occurred attempting to join the domain "YourDomainName":  The user name could not be found
  • ERROR: The following error occurred attempting to join the domain "YourDomainName": ACCESS_DENIED
 
The /var/log/samba/log.smbd may report the following:
  • smbldap_open: cannot access LDAP when not root..

Resolution

On the server, check the following:
  1. Make sure the user being used to join the domain with exists ( getent passwd | grep -i <username> )
  2. Make sure the user also shows up as a Samba-enabled user ( pdbedit -Lw | grep -i <username> )
  3. List the rights the user has under Samba ( net rpc rights list <username> )
    • When executing the command listed above, you will need to enter root's password
    • If the user has sufficient rights, then the right "SeMachineAccountPrivilege" should be returned
    • If the SeMachineAccountPrivilege is not listed, then the right will need to be granted to the user ( net rpc rights grant <username> SeMachineAccountPrivilege )
  4. If, while trying to add rights to the user the following error is encountered, then add the root user to samba, or make sure the password is correct (outlined below):
    • ERROR:  Failed to grant privileges for <username> (NT_STATUS_ACCESS_DENIED)
    • To add a user, such as root, to Samba (this can be done through iManager for OES Linux servers), run the following command:
      • smbpasswd -a root (enter the password when prompted)
    • To change the Samba root password (assuming the user is already there), run the following command:
      • smbpasswd root (enter the password when prompted)
  5. If the root user had to be added, or the password modified, try re-granting the rights to the username as specified in number three above.

Once the rights are granted, and can be listed as outline in number three above, the user should be able to join accounts to the domain.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7005562
  • Creation Date: 29-Mar-2010
  • Modified Date:16-Mar-2021
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center