[Samba] 'Scripted' machine account renewal?!

Kees van Vloten keesvanvloten at gmail.com
Mon Mar 4 21:01:00 UTC 2024


On 04-03-2024 21:54, Rowland Penny via samba wrote:
> On Mon, 4 Mar 2024 14:14:18 +0100
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
>> Hello! Kees van Vloten via samba
>>    On that day it was said...
>>
>>> Interesting, I tried running it with -d 10, it shows a lot of
>>> output.
>> The same. My output is a bit more complex, I think because the joined
>> machine is a firewall that has no info whatsoever about the domain,
>> so I have tons of errors related to missing DNS records.
>>
>> But, as just stated, join with:
>>
>> 	net ads join -I 10.172.1.8 -U gaio
>>
>> worked as expected, and a simple 'net ads testjoin' works (with the same
>> DNS errors, of course).
>>
>>
>>> Another thing I tried was "systemctl stop winbind" and then the
>>> "net changetrustpw", but even then the same error occurs.
>> I don't have winbind running on the joined machine.
> If winbind isn't running, then your machine isn't fully joined, with
> 'security = ADS' (a requirement for an AD Unix domain member) you must
> have winbind running, it has been this way since Samba 4.8.0
>
> Rowland

I just figured out something:

All my machines run Debian bookworm, the DCs run with samba 4.19.5.

I have run it on 2 client machines, one with stock Debian winbind
4.17.12, the other one with 4.19.4.

It fails with the mentioned error on stock 4.17.12, but works fine on 4.19.4.

The solution is easy: upgrading winbind from Debian backports solves the issue!

- Kees.



