[Samba] 'check password script' and Join...

Marco Gaiarin gaio at sv.lnf.it
Tue Oct 24 13:33:04 UTC 2017 

Make a note: it is better to disable 'check password script' in the
DC(s) before trying to join a new DC. ;(

root at vdcpp1:~# samba-tool domain join ad.my.dom DC -U"MYDOM\administrator" --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ad.my.dom'
Found DC vdcsv1.ad.my.dom
Password for [MYDOM\administrator]:
workgroup is MYDOM
realm is ad.my.dom
Adding CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=my,DC=dom
Adding CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
Adding CN=NTDS Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
Adding SPNs to CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=my,DC=dom
Setting account password for VDCPP1$
Enabling account
Adding DNS account CN=dns-VDCPP1,CN=Users,DC=ad,DC=my,DC=dom with dns/ SPN
Setting account password for dns-VDCPP1
Join failed - cleaning up
Deleted CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=my,DC=dom
Deleted CN=dns-VDCPP1,CN=Users,DC=ad,DC=my,DC=dom
Deleted CN=NTDS Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
Deleted CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
ERROR(ldb): uncaught exception - LDAP error 19 LDAP_CONSTRAINT_VIOLATION -  <0000052D: Constraint violation - check_password_restrictions: the password does not meet the complexity criteria!> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1151, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 725, in join_add_objects
    username=ctx.samname)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 514, in setpassword
    self.modify_ldif(setpw)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 236, in modify_ldif
    self.modify(msg, controls)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list