Dotaz: zase samba&AD

sudo net ads join -U sigi
Enter sigi's password:
Failed to join domain: User specified does not have administrator privileges

PC@DOMENA.SK$ sudo net ads testjoin
Enter PC$@DOMENA.SK's password:
[2010/02/25 11:55:27,  0] libads/kerberos.c:332(ads_kinit_password)
  kerberos_kinit_password PC$@DOMENA.SK failed: Client not found in Kerberos database
Join to domain is not valid: Improperly formed account name

        security = ads
	server string = sigi server
        netbios name = PC
        realm = DOMENA.SK
        #password server = s.domena.sk
        workgroup = DOMENA
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
	winbind nested groups = Yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        client use spnego = yes
	client ntlmv2 auth = yes
        domain master = no
	dns proxy = no
	winbind nss info = rfc2307
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[download]
   comment = down
   path = /media/data/FTP-share/download
   guest ok = yes
   read only = yes
   share modes = no

[upload]
   comment = up
   path = /media/data/FTP-share/upload
   guest ok = yes
   read only = no
   share modes = no
   writable = yes

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

[logging]
	default = FILE:/var/log/krb5.log
	kdc = FILE:/var/log/krb5kdc.log
	admin_server = FILE:/var/log/kadmind.log

[libdefaults]
	default_realm = DOMENA.SK
	dns_lookup_realm = true
	dns_lookup_kdc = true
	ticket_lifetime = 24h

# The following krb5.conf variables are only for MIT Kerberos.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true

# The following libdefaults parameters are only for Heimdal Kerberos.
	v4_instance_resolve = false
	v4_name_convert = {
		host = {
			rcmd = host
			ftp = ftp
		}
		plain = {
			something = something-else
		}
	}
	fcc-mit-ticketflags = true

[realms]
	DOMENA.SK = {
		kdc = s.domena.sk
		admin_server = s.domena.sk
		default_domain = DOMENA.SK
	}

[domain_realm]
	.domena.sk = DOMENA.SK
	domena.sk = DOMENA.SK

[login]
	krb4_convert = true
	krb4_get_tickets = false

[2010/02/25 12:42:11,  1] libnet/libnet_join.c:1902(libnet_Join)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          out: struct libnet_JoinCtx
              account_name             : NULL
              netbios_domain_name      : 'DOMENA'
              dns_domain_name          : 'domena.sk'
              forest_name              : 'domena.sk'
              dn                       : NULL
              domain_sid               : *
                  domain_sid               : S-1-5-21-436374069-813497703-839522115
              modified_config          : 0x00 (0)
              error_string             : 'User specified does not have administrator privileges'
              domain_is_ad             : 0x01 (1)
              result                   : WERR_ACCESS_DENIED
[2010/02/25 12:42:11, 10] intl/lang_tdb.c:138(lang_tdb_init)
  lang_tdb_init: /usr/share/samba/.msg: No such file or directory
Failed to join domain: User specified does not have administrator privileges
[2010/02/25 12:42:11,  2] utils/net.c:779(main)
  return code = -1