Joining a domain with samba4 when the user exists?

Andrew Bartlett abartlet at
Sat Oct 15 20:15:04 GMT 2005

On Sat, 2005-10-15 at 20:19 +0200, Volker Lendecke wrote:
> On Sat, Oct 15, 2005 at 12:06:13PM -0600, Brad Henry wrote:
> > The behavior you're seeing in libnet_JoinDomain() was intentional. 
> > libnet_JoinDomain() is returning NT_STATUS_USER_EXISTS because that's 
> > what it recieved from dcerpc_samr_Createuser2(). 
> > libnet_Join_primary_domain() is exiting immediately after it calls 
> > libnet_JoinDomain(), as it didn't return NT_STATUS_IS_OK.
> > 
> > I'm wondering if perhaps we should keep libnet_JoinDomain() returning 
> > NT_STATUS_USER_EXISTS for this case, but allow 
> > libnet_Join_primary_domain() to add the record to secrets.tdb.
> > 
> > How does that sound? I would be happy to code up a patch to get this right.
> As I did not look at that area of the code deeply enough, I can't really
> comment. If this is intentional, then we should at least print an error message
> in the net command that the account has to be deleted before joining. Not
> giving an error message at all is a bit confusing, it makes the administrator
> believe the join succeeded when it did not.

The reason we got here is that we wanted to share the join logic between
the torture code and the mainline 'net join' code.  The torture code
needed to know if it was a 're-join', as it would then delete the
account, and try yet again (to ensure a clean slate), while the mainline
code wants to re-join, keeping the old account details (just reset the

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list