[Samba] 'check password script' and Join...

L.P.H. van Belle belle at bazuin.nl
Tue Oct 24 13:56:39 UTC 2017


Did you run the command to disable the password check or complexity on all your DCs?
That is needed. 

Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Marco Gaiarin via samba
> Sent: Tuesday 24 October 2017 15:33
> To: samba at lists.samba.org
> Subject: [Samba] 'check password script' and Join...
> 
> 
> Make a note: it is better to disable 'check password script' in the
> DC(s) before trying to join a new DC. ;(
> 
> root at vdcpp1:~# samba-tool domain join ad.my.dom DC -U"MYDOM\administrator" --dns-backend=BIND9_DLZ
> Finding a writeable DC for domain 'ad.my.dom'
> Found DC vdcsv1.ad.my.dom
> Password for [MYDOM\administrator]:
> workgroup is MYDOM
> realm is ad.my.dom
> Adding CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=my,DC=dom
> Adding CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
> Adding CN=NTDS Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
> Adding SPNs to CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=my,DC=dom
> Setting account password for VDCPP1$
> Enabling account
> Adding DNS account CN=dns-VDCPP1,CN=Users,DC=ad,DC=my,DC=dom with dns/ SPN
> Setting account password for dns-VDCPP1
> Join failed - cleaning up
> Deleted CN=VDCPP1,OU=Domain Controllers,DC=ad,DC=my,DC=dom
> Deleted CN=dns-VDCPP1,CN=Users,DC=ad,DC=my,DC=dom
> Deleted CN=NTDS Settings,CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
> Deleted CN=VDCPP1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=my,DC=dom
> ERROR(ldb): uncaught exception - LDAP error 19 LDAP_CONSTRAINT_VIOLATION -  <0000052D: Constraint violation - check_password_restrictions: the password does not meet the complexity criteria!> <>
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1151, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 725, in join_add_objects
>     username=ctx.samname)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 514, in setpassword
>     self.modify_ldif(setpw)
>   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 236, in modify_ldif
>     self.modify(msg, controls)
> 
> -- 
> dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
> 
> 
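
A small triage helper for the failure quoted above, as an added example that is not part of the original thread or of Samba: it finds the last account whose password was being set before the join failed and checks whether the LDAP error is the password-restriction rejection. The function names and the sample text (condensed from the quoted output, still mail-quoted and line-wrapped) are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the quoted samba-tool output,
# still in their mail-quoted, line-wrapped form.
SAMPLE = r"""
> Setting account password for VDCPP1$
> Enabling account
> Adding DNS account CN=dns-VDCPP1,CN=Users,DC=ad,DC=my,DC=dom
> with dns/ SPN
> Setting account password for dns-VDCPP1
> Join failed - cleaning up
> ERROR(ldb): uncaught exception - LDAP error 19
> LDAP_CONSTRAINT_VIOLATION -  <0000052D: Constraint violation
> - check_password_restrictions: the password does not meet the
> complexity criteria!> <>
"""

SET_PW = re.compile(r"^Setting account password for (\S+)$")
LDAP_ERR = re.compile(r"LDAP error (\d+) (\w+) - +<([0-9A-Fa-f]{8}):")


def unquote(text):
    """Strip mail quote markers ('> ') and trailing whitespace per line."""
    return [re.sub(r"^(?:> ?)+", "", ln).rstrip() for ln in text.splitlines()]


def triage_join(text):
    """Return None for a clean join, else a dict describing the failure."""
    lines = unquote(text)
    account, failed = None, False
    for ln in lines:
        m = SET_PW.match(ln)
        if ln.startswith(("Join failed", "ERROR(")):
            failed = True
        elif m and not failed:
            account = m.group(1)  # last password set before the failure
    if not failed:
        return None
    flat = " ".join(" ".join(lines).split())  # undo mail line wrapping
    err = LDAP_ERR.search(flat)
    return {
        "account": account,
        "ldap_code": int(err.group(1)) if err else None,
        "ldap_name": err.group(2) if err else None,
        "werror": err.group(3).upper() if err else None,
        # 0x52D is ERROR_PASSWORD_RESTRICTION; the ldb message names the check.
        "password_policy": bool(err) and "check_password_restrictions" in flat,
    }
```

On the sample, the rejected password set is the one for `dns-VDCPP1`, not the machine account `VDCPP1$`, whose password was set before the DNS account was added.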



