Mailinglist Archive: opensuse (1606 mails)

< Previous Next >
Re: [opensuse] Joining Windows domain during openSUSE 11.0 install
  • From: "Silent Ph03nix" <silentph03nix@xxxxxxxxx>
  • Date: Mon, 1 Sep 2008 09:54:18 -0500
  • Message-id: <944d71fe0809010754i38df1988h3bc05d8ff3bb8a9d@xxxxxxxxxxxxxx>
On Mon, Sep 1, 2008 at 9:26 AM, Roger Oberholtzer <roger@xxxxxx> wrote:
Problem 1:

I decided that I would try to see how joining an Active Directory works
in openSUSE 11.0. So, during install (not finished pending resolution of
this), I have selected to join one. I have entered what I think is
correct information. At some point, it will verify workgroup membership.
A dialog box appears that lets you enter a user and password. The dialog
offers that if I set both items to empty strings, I will be logged in
anonymously. I have done this and it fails saying "Failed to join
domain. User specified does not have administrator privileges." Sort of
makes sense that an anonymous user would not have administrator
privileges. But as I am joining a corporate Active Directory, I am
hardly going to be given the Administrator password. Do I really need
the corporate Active Directory's Administrator password for letting my
Linux machine validate users against a AD server? If so, I find it hard
to imagine this is ever used in a real corporate environment. So it must
be something else. I do not see any more information on any consoles,
nor in /var/log files.

I believe Windows 2003 allowed a domain user to join 10 machines to
the domain. After that it requires a domain admin to add the machine
to the domain. Most of us that are admins, however, normally turn
that feature off and only allow domain admins or some local admins to
join machines to the domain. That way, we control what gets joined to
our domain and some random user can't just join machines to the domain
at will. And I believe in Windows 2000 and previous that you had to
be a domain admin to join a machine to the domain. So, I would bet
that that is what you are running into. Your admins have locked it
down so a normal user can't join the machine to the domain. You
really have 2 options that I see. You can call your IT department,
and they might send someone to you to join your machine to the domain
for you or you don't join to the domain and just enter your domain
credentials when trying to connect to a domain resource. Even as the
admin this last method is the one I usually employ. None of my linux
boxen are joined to my domain.

Don't know if any of that helps, that that's my $.02 as both a linux
and windows admin.


To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups