[Samba] Unable to Join Samba Domain: Password Error

David Stringfield stringfield at wmawater.com.au
Mon Apr 23 06:40:33 UTC 2018


Hi all,



I am attempting to join a Centos7 machine to a Samba NT4 domain. I have 
created an account on our OpenLDAP server and ensured it has the default 
password. However trying to join the domain is consistently throwing an 
error.



>From the machine that is trying to join the domain, I get this (edited for 
brevity):

$~ net rpc join -U <user>%<passwd> -d 1 -I 192.168.70.XXX

libnet_Join:

    libnet_JoinCtx: struct libnet_JoinCtx

        in: struct libnet_JoinCtx

            dc_name                  : NULL

            machine_name             : ‘YYYY’'

            domain_name              : *

                domain_name              : 'XXXX’

            domain_name_type         : JoinDomNameTypeUnknown (0)

            account_ou               : NULL

            admin_account            : 'root'

            admin_domain             : NULL

            machine_password         : NULL

            join_flags               : 0x00000023 (35)

                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS

                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME

                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT

                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN

                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED

                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE

                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED

                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE

                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE

                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE

                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE

            os_version               : NULL

            os_name                  : NULL

            os_servicepack           : NULL

            create_upn               : 0x00 (0)

            upn                      : NULL

            modify_config            : 0x00 (0)

            ads                      : NULL

            debug                    : 0x01 (1)

            use_kerberos             : 0x00 (0)

            secure_channel_type      : SEC_CHAN_WKSTA (2)

            desired_encryption_types : 0x0000001f (31)

../source3/rpc_client/cli_pipe.c:568: RPC fault code 
DCERPC_NCA_S_OP_RNG_ERROR received from host REMUS!

libnet_Join:

    libnet_JoinCtx: struct libnet_JoinCtx

        out: struct libnet_JoinCtx

            account_name             : NULL

            netbios_domain_name      : 'WMA'

            dns_domain_name          : NULL

            forest_name              : NULL

            dn                       : NULL

            domain_sid               : *

                domain_sid               : 
S-1-5-21-121215118-3415587123-1071246906

            modified_config          : 0x00 (0)

            error_string             : 'Failed to set password for machine 
account (NT_STATUS_WRONG_PASSWORD)

'

            domain_is_ad             : 0x00 (0)

            set_encryption_types     : 0x00000000 (0)

            result                   : WERR_INVALID_PASSWORD





Viewing the log file on the samba server I see:

[2018/04/23 15:29:52.633780,  0] 
rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)

  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting 
auth request from client YYYY machine account YYYY$

[2018/04/23 15:29:53.140584,  0] lib/charcnv.c:543(convert_string_talloc)

  Conversion error: Illegal multibyte sequence(▒▒lk▒▒▒1▒0`ã▒.▒t▒t▒:▒▒▒5)

[2018/04/23 15:29:53.140759,  0] 
../libcli/auth/smbencrypt.c:597(decode_pw_buffer)

  decode_pw_buffer: failed to convert incoming password



It appears to be something with the encryption/coding but I just can’t 
figure out what, I’ve had little help from googling most of the errors.



Thanks,

David



More information about the samba mailing list