[Samba] net ads join fails with pre-created machine accounts
Osipov, Michael
michael.osipov at siemens.com
Mon Nov 6 09:15:07 UTC 2017
Hi folks,
we have recently tried to join several FreeBSD machines to your forest where the machine accounts where pre-created by the core admin team. We did as root:
# kinit 'machine-name$'
# net ads join ...
Unfortunately, it failed with an error that several attributes cannot be set which are available to domain admins only. It ultimately means that one cannot use pre-created accounts. This is somewhat of a problem because getting a session with an admin to kinit via SSH and have the join done requires a lot of communication effort back and forth. It is way easier to have the account pre-created asynchronously and not to rely on the admin anymore. Moreover, I am quite certain that reset account is not supported for a domain member via 'net ads ...'.
This makes provisions machines quite hard. Is there any reasonable workaround for now, or better in the works? Shall I file an issue for that?
We are using samba46-4.6.8 from the ports tree.
Best regards,
Michael
More information about the samba
mailing list