Unable To Join Workstation To Samba Domain: ERROR: ACCESS_DENIED or User Name Could Not Be Found

  • 7005562
  • 29-Mar-2010
  • 08-Nov-2012

Environment

SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Desktop 11
Novell Open Enterprise Server 2 (OES 2) Linux

Situation

While trying to join a workstation to a Samba domain, the following errors may be encountered (on the client/workstation):
  • ERROR: The following error occurred attempting to join the domain "YourDomainName":  The user name could not be found
  • ERROR: The following error occurred attempting to join the domain "YourDomainName": ACCESS_DENIED
 
The /var/log/samba/log.smbd may report the following:
  • smbldap_open: cannot access LDAP when not root..

Resolution

On the server, check the following:
  1. Make sure the user account being used to join the domain exists ( getent passwd | grep -i <username> )
  2. Make sure the user also shows up as a Samba-enabled user ( pdbedit -Lw | grep -i <username> )
  3. List the rights the user has under Samba ( net rpc rights list <username> )
    • When executing the command listed above, you will need to enter root's password
    • If the user has sufficient rights, then the right "SeMachineAccountPrivilege" should be returned
    • If the SeMachineAccountPrivilege is not listed, then the right will need to be granted to the user ( net rpc rights grant <username> SeMachineAccountPrivilege )
  4. If the following error is encountered while trying to grant rights to the user, add the root user to Samba, or make sure its password is correct (outlined below):
    • ERROR:  Failed to grant privileges for <username> (NT_STATUS_ACCESS_DENIED)
    • To add a user, such as root, to Samba (this can be done through iManager for OES Linux servers), run the following command:
      • smbpasswd -a root (enter the password when prompted)
    • To change the Samba root password (assuming the user is already there), run the following command:
      • smbpasswd root (enter the password when prompted)
  5. If the root user had to be added, or the password modified, try re-granting the rights to the user as specified in step three above.

Once the rights are granted, and can be listed as outlined in step three above, the user should be able to join accounts to the domain.
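
The checks in steps 1 to 3 as one script that reports the first step that fails; this is an added example, not part of the original article. The function names and sample data are constructed, and the output of pdbedit -Lw and net rpc rights list <username> is assumed to be colon-separated user lines and bare privilege names respectively.

```shell
#!/bin/sh
# Added example: pre-join checks for steps 1-3. All function and variable
# names are this example's own; the sample data below is constructed.

# True if $1 equals the first colon-separated field of a line on stdin.
# Exact, case-insensitive match: unlike grep -i, "join" will not match "joinadmin".
account_listed() {
    awk -F: -v u="$1" 'tolower($1) == tolower(u) { f = 1 } END { exit !f }'
}

# True if stdin (output of: net rpc rights list <username>) names the join right.
has_join_right() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "SeMachineAccountPrivilege") f = 1 }
         END { exit !f }'
}

# Prints the first failing step (1, 2 or 3), or 0 when all three pass.
# $1=username  $2=passwd entries  $3=Samba passdb entries  $4=rights listing
first_failed_step() {
    printf '%s\n' "$2" | account_listed "$1" || { echo 1; return; }
    printf '%s\n' "$3" | account_listed "$1" || { echo 2; return; }
    printf '%s\n' "$4" | has_join_right      || { echo 3; return; }
    echo 0
}

# Live use on the Samba server as root; net prompts for root's password.
# cut keeps only the user names, so no password hashes are held in a variable.
check_live() {
    first_failed_step "$1" "$(getent passwd)" \
        "$(pdbedit -Lw | cut -d: -f1)" "$(net rpc rights list "$1")"
}

# Constructed sample data (assumed output shapes, not captured from a server).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
joinadmin:x:1001:100:Domain join account:/home/joinadmin:/bin/bash
helpdesk:x:1002:100:Help desk:/home/helpdesk:/bin/bash'
SAMPLE_PASSDB='root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
joinadmin:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:'
SAMPLE_RIGHTS='SeMachineAccountPrivilege'

# Offline demonstration: joinadmin passes every step.
first_failed_step joinadmin "$SAMPLE_PASSWD" "$SAMPLE_PASSDB" "$SAMPLE_RIGHTS"
```

A result of 3 from check_live corresponds to the missing SeMachineAccountPrivilege case, which the grant command in step 3 addresses.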