Insufficient access when trying to set machine OS attributes when joining Linux server to Active Directory

linux active-directory domain adsi

I am trying to join a Linux server to Active Directory. I want to set OS Name and OS Version attributes upon joining the domain using this command:

/usr/bin/net ads join -k -S adserver.example.local osName=CentOS osVer=6.5

I've delegated permissions to a bind account so that it can read/write to OS Name and OS Version properties for computer objects. When I try to join domain, I am hit with this error:

Failed to join domain: failed to set machine os attributes: Insufficient access

I have no issues joining the domain when leaving off osName and osVer. Just to verify that this account has the right permissions, I manually set these two properties on the computer objects using ADSI.


It's usually easier to pre-stage the computer account, and assign permissions/owner to the account that will be joining it to the domain.


From packet analysis, learned that the account being used to join the domain was missing permissions to read/write to Operating System Service Pack. That attribute was automatically being set to the version of samba that was installed.

Related

Improve RSYNC scan speed / Alternate approach?
SQL Server 2008 Copy Database Wizard: Fail
What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?
Linux as a gateway (no NAT)
Small business VPN solution [closed]
Nginx Load Balance / Proxy to Upstream with Path / Rewrite
ELB health checks for freshly launched EC2 instances not working
Configuring IIS 7.5 to be FIPS 140.2 compliant
Easy way to install XP on several laptops?
How can i change disks from foreign state using OMSA
Active Directory - forest trust between forests with same name?
Script to recreate Outlook 2010 mail profile