s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.

[samba.git] / source / utils / net_rpc_join.c

diff --git a/source/utils/net_rpc_join.c b/source/utils/net_rpc_join.c
index d8641bfb2305f262d4a92c9ca4ca2c90183a62ff..dfab65c7b82cb89e8717f2b86d2c40c47e7cbeac 100644 (file)
--- a/source/utils/net_rpc_join.c
+++ b/source/utils/net_rpc_join.c
@@ -243,14 +243,17 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
 
        CHECK_RPC_ERR(rpccli_samr_Connect2(pipe_hnd, mem_ctx,
                                           pipe_hnd->desthost,
-                                          SEC_RIGHTS_MAXIMUM_ALLOWED,
+                                          SAMR_ACCESS_ENUM_DOMAINS
+                                          | SAMR_ACCESS_OPEN_DOMAIN,
                                           &sam_pol),
                      "could not connect to SAM database");
 
 
        CHECK_RPC_ERR(rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
                                             &sam_pol,
-                                            SEC_RIGHTS_MAXIMUM_ALLOWED,
+                                            SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1
+                                            | SAMR_DOMAIN_ACCESS_CREATE_USER
+                                            | SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
                                             domain_sid,
                                             &domain_pol),
                      "could not open domain");