Joining a domain with samba4 when the user exists?

Andrew Bartlett abartlet at
Sat Oct 15 20:12:30 GMT 2005

On Sat, 2005-10-15 at 12:06 -0600, Brad Henry wrote:
> Volker Lendecke wrote:
> >Hi!
> >
> >Without the attached patch I can not successfully join a NT4 domain with Samba4
> >when the machine account already exists. The join is correctly executed on the
> >DC, but net refuses to store the credentials in secrets.ldb because the join
> >function returns NT_STATUS_USER_EXISTS. Is there a particular reason for this
> >behaviour? Does net have to deal specially with this situation, or is it a
> >misbehaviour of libnet_Join?
> >
> >Volker
> >  
> >
> Hi Volker,
> The behavior you're seeing in libnet_JoinDomain() was intentional. 
> libnet_JoinDomain() is returning NT_STATUS_USER_EXISTS because that's 
> what it recieved from dcerpc_samr_Createuser2(). 
> libnet_Join_primary_domain() is exiting immediately after it calls 
> libnet_JoinDomain(), as it didn't return NT_STATUS_IS_OK.
> I'm wondering if perhaps we should keep libnet_JoinDomain() returning 
> NT_STATUS_USER_EXISTS for this case, but allow 
> libnet_Join_primary_domain() to add the record to secrets.tdb.
> How does that sound? I would be happy to code up a patch to get this right.

Sorry about this, 

I was intending that this be the behaviour.  I think 'net join' should
be able to report that the join was a 're-join', keyed off that status
return.  Feel free to knock up a patch (it should probably report what
type of account we are currently joined as too).

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list