[Samba] net join fail

John Rowe J.M.Rowe at exeter.ac.uk
Tue Apr 12 11:09:27 UTC 2016


I am trying to reconfigure a samba server to use authentication from the University domain. 

* smbd seems to start OK
* net ads testjoin is fine
* net ads join -U xxUSERNAME createcomputer="xxCOMPUTER" fails with:
Failed to join domain: failed to set machine spn: Constraint violation

(where xxTEXT indicates redaction - sorry I'm not sure what's
confidential and what isn't)

xxUSERNAME and xxCOMPUTER are valid (changing either changes the error
message).


 smb.conf starts:

       security = ads
        realm = xxDOMAIN
        workgroup = xxWORKGROUP
        idmap config * : range = 16667216-33554431
        idmap config * : backend = tdb
        encrypt passwords = yes


The diagnostics are:

net -d 1 ads join -U xxUSERNAME createcomputer="xxCOMPUTER" 
Enter xxUSERNAME's password:
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'xxHOST'
            domain_name              : *
                domain_name              : 'xxMYDOMAIN'
            account_ou               : 'xxCOMPUTER'
            admin_account            : 'xxUSERNAME'
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
The machine account already exists in the specified OU.
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : 'xxNAME'
            dns_domain_name          : 'xxNAME'
            forest_name              : 'xxFORREST'
            dn                       :
'CN=xxHOST,OU=Servers,OU=xxCOMPUTER,OU=Resources,DC=xxFIRSTNAME,DC=xxROOT,DC=ex,DC=ac,DC=uk'
            domain_sid               : *
                domain_sid               :
S-1-2-34-5678901234-567890123-4567890123 
            modified_config          : 0x00 (0)
            error_string             : 'failed to set machine spn:
Constraint violation'
            domain_is_ad             : 0x01 (1)
            result                   : WERR_GENERAL_FAILURE
Failed to join domain: failed to set machine spn: Constraint violation


Any help would be greatly appreciated.

Thanks

John







More information about the samba mailing list