[Samba] samba4.8.x machine account authentication using NetJoinDomain faled

Ryan ryanyang51 at 163.com
Fri Sep 14 07:07:07 UTC 2018 

Hi all,
I tried samba 4.8.3, 4.8.4 and 4.8.5 to build a domain. In the domain I firstly create a machine acconut and set it's password. Then I get a computer that own this machine account's name. I use the mechod NetJoinDomain to get this computer authencated to the domain. It failed with returncode 1326.
Besides, all the process above is avaliable in samba 4.5.16. So does any default setting change from 4.5.x to 4.8.x? What can I do to make it work again? Hope for help~
 
Here’s the smb.conf. I’ve tried to add  winbind offline logon = yes in the global section, but doesn’t work either.
[global]
        bind interfaces only = Yes
        interfaces = 8.22.127.121 127.0.0.1
        log file = /var/FusionAccess/LiteAD/log.samba
        log level = 2
        max log size = 15000
        netbios name = SUSE-2
        realm = 0904.HUAWEI.COM
        server role = active directory domain controller
        workgroup = 0904
        'idmap_ldb:use rfc2307  = yes'
 
        ldap server require strong auth = no
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
 
[netlogon]
        path = /var/lib/samba/sysvol/0904.huawei.com/scripts
        read only = No
        reject md5 clients = yes
 
[sysvol]
       path = /var/lib/samba/sysvol
        read only = No
 
 
In my program, I use the following command to get authenticated with the domain. But the ret is 1326.
 
ret = NetJoinDomain(server, domain, OU, account, password, (JoinOptions.NETSETUP_JOIN_DOMAIN | JoinOptions.NETSETUP_JOIN_UNSECURE |JoinOptions.NETSETUP_DOMAIN_JOIN_IF_JOINED | JoinOptions.NETSETUP_MACHINE_PWD_PASSED));
 
 
Here’s the log in log.samba:
[2018/09/13 11:20:18.975729,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
  auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:18.975922,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:18.975877 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49158] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
[2018/09/13 11:20:21.903399,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
  auth_check_password_recv: sam authentication for user [0904\N] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2018/09/13 11:20:21.903624,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [LDAP,NTLMSSP] user [0904]\[N] at [Thu, 13 Sep 2018 11:20:21.903563 CST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [SUSE-1] remote host [ipv4:127.0.0.1:54318] mapped to [0904]\[N]. local host [ipv4:127.0.0.1:389]
[2018/09/13 11:20:23.243049,  2] ../source4/dsdb/repl/replicated_objects.c:1021(dsdb_replicated_objects_commit)
  Replicated 1 objects (0 linked attributes) for DC=0904,DC=huawei,DC=com
[2018/09/13 11:20:23.943577,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
  auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:23.943813,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:23.943754 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49184] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
[2018/09/13 11:20:24.501393,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
  auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:24.501715,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:24.501653 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49187] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
[2018/09/13 11:20:26.546651,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
  auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:26.546928,  2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [LDAP,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:26.546877 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49217] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:389]
[2018/09/13 11:20:27.568714,  2] ../source4/dns_server/dns_update.c:773(dns_server_process_update)
  Got a dns update request.
[2018/09/13 11:20:27.569268,  2] ../source4/dns_server/dns_update.c:730(dns_update_allowed)
  Update not allowed for unsigned packet.
[2018/09/13 11:20:27.727230,  2] ../source4/dns_server/dns_update.c:773(dns_server_process_update)
  Got a dns update request.
[2018/09/13 11:20:27.727631,  2] ../source4/dns_server/dns_update.c:730(dns_update_allowed)
  Update not allowed for unsigned packet.
[2018/09/13 11:20:27.975980,  1] ../source4/dsdb/common/util.c:5357(dsdb_update_bad_pwd_count)
  Locked out user CN=LC001,CN=Computers,DC=0904,DC=huawei,DC=com after 5 wrong passwords
[2018/09/13 11:20:28.023048,  2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
  auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1

More information about the samba mailing list