[Samba] Inconsistent results while attempting to preset a computer with a one-time-password

Dan Oriani dan at reportallusa.com
Thu Feb 1 23:32:34 UTC 2018


Hello all, I'm kind of pulling my hair out over here.

 

    I'll preface this by saying that I'm using the latest version of Samba
packaged in Debian Stretch as my domain controller. Currently, I'm trying to
build an infrastructure where I can deploy a new virtual machine, then have
it automatically join the domain so that users can log in to it without very
much (if any) intervention by myself. To this end, I created a new user for
this process and delegated this user joining permissions as I found on the
Wiki. The problem is, more often than not, running adcli preset-computer
with --one-time--password set (I haven't really tested otherwise, as I don't
care about running adcli to preset or join a computer manually), I get an
error of "Cannot set computer password: Access denied: No such user when
changing password". Thinking that the permissions on the wiki weren't broad
enough, I added this user to the 'Domain Admin' account. Still the same
error. In fact, more often than not, even if I run the command as myself or
Administrator, I still get the same failure.

 

    The kicker is, sometimes it works. I deploy the machine, and that's
where my second issue begins. To join the computer to the domain, I issue a
kind of long adcli command that specifies the domain, fqdn, realm, etc.
Pretty much every option set to their correct value to rule out any
inconsistencies. This command more often than not fails as well, but
annoyingly at several different stages, depending on seemingly the time of
day. Sometimes it can't change the dNSHostName, sometimes it gets past that
then can't set userAccountControl. Each time it fails though, it can
definitely never set the userPrincipalName. Every so often that too works
though.

 

    These successes and failures happen with nothing changed on my part.
I'll run the commands and get a failure, but then the next time I try
sometimes it works and I haven't changed a single thing. Same command,
different results. I feel like I'm going crazy, so if anybody has any
suggestions at all, I'd be greatly appreciative!

 

Thanks!

Dan



More information about the samba mailing list