[Samba] net join fail

Rowland penny rpenny at samba.org
Tue Apr 12 11:21:08 UTC 2016


On 12/04/16 12:09, John Rowe wrote:
> I am trying to reconfigure a samba server to use authentication from the University domain.
>
> * smbd seems to start OK
> * net ads testjoin is fine
> * net ads join -U xxUSERNAME createcomputer="xxCOMPUTER" fails with:
> Failed to join domain: failed to set machine spn: Constraint violation
>
> (where xxTEXT indicates redaction - sorry I'm not sure what's
> confidential and what isn't)
>
> xxUSERNAME and xxCOMPUTER are valid (changing either changes the error
> message).
>
>
>   smb.conf starts:
>
>         security = ads
>          realm = xxDOMAIN
>          workgroup = xxWORKGROUP
>          idmap config * : range = 16667216-33554431
>          idmap config * : backend = tdb
>          encrypt passwords = yes
>
>
> The diagnostics are:
>
> net -d 1 ads join -U xxUSERNAME createcomputer="xxCOMPUTER"
> Enter xxUSERNAME's password:
> libnet_Join:
>      libnet_JoinCtx: struct libnet_JoinCtx
>          in: struct libnet_JoinCtx
>              dc_name                  : NULL
>              machine_name             : 'xxHOST'
>              domain_name              : *
>                  domain_name              : 'xxMYDOMAIN'
>              account_ou               : 'xxCOMPUTER'
>              admin_account            : 'xxUSERNAME'
>              machine_password         : NULL
>              join_flags               : 0x00000023 (35)
>                     0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>                     0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>                     0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>                     0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>                     0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>                     0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>                     1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>                     0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>                     0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>                     1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>                     1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>              os_version               : NULL
>              os_name                  : NULL
>              create_upn               : 0x00 (0)
>              upn                      : NULL
>              modify_config            : 0x00 (0)
>              ads                      : NULL
>              debug                    : 0x01 (1)
>              use_kerberos             : 0x00 (0)
>              secure_channel_type      : SEC_CHAN_WKSTA (2)
> The machine account already exists in the specified OU.
> libnet_Join:
>      libnet_JoinCtx: struct libnet_JoinCtx
>          out: struct libnet_JoinCtx
>              account_name             : NULL
>              netbios_domain_name      : 'xxNAME'
>              dns_domain_name          : 'xxNAME'
>              forest_name              : 'xxFORREST'
>              dn                       :
> 'CN=xxHOST,OU=Servers,OU=xxCOMPUTER,OU=Resources,DC=xxFIRSTNAME,DC=xxROOT,DC=ex,DC=ac,DC=uk'
>              domain_sid               : *
>                  domain_sid               :
> S-1-2-34-5678901234-567890123-4567890123
>              modified_config          : 0x00 (0)
>              error_string             : 'failed to set machine spn:
> Constraint violation'
>              domain_is_ad             : 0x01 (1)
>              result                   : WERR_GENERAL_FAILURE
> Failed to join domain: failed to set machine spn: Constraint violation
>
>
> Any help would be greatly appreciated.
>
> Thanks
>
> John
>
>
>
>
>

Try again without the 'createcomputer="xxCOMPUTER"', your computer seems 
to already exist:

The machine account already exists in the specified OU.

Rowland




More information about the samba mailing list