[Samba] samba4.8.x machine account authentication using NetJoinDomain failed
Ryan
ryanyang51 at 163.com
Fri Sep 14 07:07:07 UTC 2018
Hi all,
I tried Samba 4.8.3, 4.8.4 and 4.8.5 to build a domain. In the domain I first create a machine account and set its password. Then I take a computer that has this machine account's name. I use the method NetJoinDomain to get this computer authenticated to the domain. It failed with return code 1326.
Besides, the whole process above works in Samba 4.5.16. So did any default setting change from 4.5.x to 4.8.x? What can I do to make it work again? Hoping for help~
Here's the smb.conf. I've tried adding winbind offline logon = yes in the global section, but it doesn't work either.
[global]
    bind interfaces only = Yes
    interfaces = 8.22.127.121 127.0.0.1
    log file = /var/FusionAccess/LiteAD/log.samba
    log level = 2
    max log size = 15000
    netbios name = SUSE-2
    realm = 0904.HUAWEI.COM
    server role = active directory domain controller
    workgroup = 0904
    'idmap_ldb:use rfc2307 = yes'
    ldap server require strong auth = no
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

[netlogon]
    path = /var/lib/samba/sysvol/0904.huawei.com/scripts
    read only = No
    reject md5 clients = yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
In my program, I use the following command to get authenticated with the domain. But the ret is 1326.
ret = NetJoinDomain(server, domain, OU, account, password,
    (JoinOptions.NETSETUP_JOIN_DOMAIN | JoinOptions.NETSETUP_JOIN_UNSECURE |
     JoinOptions.NETSETUP_DOMAIN_JOIN_IF_JOINED | JoinOptions.NETSETUP_MACHINE_PWD_PASSED));
Here’s the log in log.samba:
[2018/09/13 11:20:18.975729, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:18.975922, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:18.975877 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49158] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
[2018/09/13 11:20:21.903399, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
auth_check_password_recv: sam authentication for user [0904\N] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2018/09/13 11:20:21.903624, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [LDAP,NTLMSSP] user [0904]\[N] at [Thu, 13 Sep 2018 11:20:21.903563 CST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [SUSE-1] remote host [ipv4:127.0.0.1:54318] mapped to [0904]\[N]. local host [ipv4:127.0.0.1:389]
[2018/09/13 11:20:23.243049, 2] ../source4/dsdb/repl/replicated_objects.c:1021(dsdb_replicated_objects_commit)
Replicated 1 objects (0 linked attributes) for DC=0904,DC=huawei,DC=com
[2018/09/13 11:20:23.943577, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:23.943813, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:23.943754 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49184] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
[2018/09/13 11:20:24.501393, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:24.501715, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:24.501653 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49187] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
[2018/09/13 11:20:26.546651, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
[2018/09/13 11:20:26.546928, 2] ../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [LDAP,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:26.546877 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49217] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:389]
[2018/09/13 11:20:27.568714, 2] ../source4/dns_server/dns_update.c:773(dns_server_process_update)
Got a dns update request.
[2018/09/13 11:20:27.569268, 2] ../source4/dns_server/dns_update.c:730(dns_update_allowed)
Update not allowed for unsigned packet.
[2018/09/13 11:20:27.727230, 2] ../source4/dns_server/dns_update.c:773(dns_server_process_update)
Got a dns update request.
[2018/09/13 11:20:27.727631, 2] ../source4/dns_server/dns_update.c:730(dns_update_allowed)
Update not allowed for unsigned packet.
[2018/09/13 11:20:27.975980, 1] ../source4/dsdb/common/util.c:5357(dsdb_update_bad_pwd_count)
Locked out user CN=LC001,CN=Computers,DC=0904,DC=huawei,DC=com after 5 wrong passwords
[2018/09/13 11:20:28.023048, 2] ../source4/auth/ntlm/auth.c:475(auth_check_password_recv)
auth_check_password_recv: sam authentication for user [0904\LC001$] FAILED with error NT_STATUS_WRONG_PASSWORD, authoritative=1
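Added example, not part of the original post and not Samba project code: a short Python triage script that parses the level-2 "Auth:" and "Locked out user" messages shown in the log above and reports which source address produced the failures behind a lockout. The regular expressions follow the line layout visible in this excerpt, and matching a locked-out DN to a logon name by its CN is an assumption.

```python
import re
from collections import Counter, defaultdict

# Matches the human-readable "Auth:" message as it appears in the excerpt above.
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]+),[^\]]+\] "
    r"user \[[^\]]*\]\\\[(?P<user>[^\]]*)\] .*?"
    r"status \[(?P<status>[^\]]+)\] .*?"
    r"remote host \[ipv4:(?P<ip>[\d.]+):\d+\]"
)
LOCKOUT_RE = re.compile(r"Locked out user (?P<dn>.+?) after (?P<count>\d+) wrong passwords")

# Message lines taken from the log excerpt in the post (timestamp header lines omitted).
SAMPLE_LOG = r"""
Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:18.975877 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49158] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
Auth: [LDAP,NTLMSSP] user [0904]\[N] at [Thu, 13 Sep 2018 11:20:21.903563 CST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [SUSE-1] remote host [ipv4:127.0.0.1:54318] mapped to [0904]\[N]. local host [ipv4:127.0.0.1:389]
Auth: [SMB2,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:23.943754 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49184] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:445]
Auth: [LDAP,NTLMSSP] user [0904]\[LC001$] at [Thu, 13 Sep 2018 11:20:26.546877 CST] with [NTLMv2] status [NT_STATUS_WRONG_PASSWORD] workstation [LC001] remote host [ipv4:8.22.127.165:49217] mapped to [0904]\[LC001$]. local host [ipv4:8.22.127.120:389]
Locked out user CN=LC001,CN=Computers,DC=0904,DC=huawei,DC=com after 5 wrong passwords
"""

def summarize(log_text):
    """Return (failed-auth counts keyed by user/ip/service/status, list of lockouts)."""
    failures, lockouts = Counter(), []
    for line in log_text.splitlines():
        if m := AUTH_RE.search(line):
            if m["status"] != "NT_STATUS_OK":
                failures[(m["user"], m["ip"], m["service"], m["status"])] += 1
        elif m := LOCKOUT_RE.search(line):
            lockouts.append((m["dn"], int(m["count"])))
    return failures, lockouts

def sources_for_lockouts(log_text):
    """For each locked-out DN, count failed logons per source IP.
    Assumption: the logon name is the DN's CN, plus '$' for machine accounts."""
    failures, lockouts = summarize(log_text)
    result = defaultdict(Counter)
    for dn, _count in lockouts:
        cn = dn.split(",")[0].split("=", 1)[1].lower()
        for (user, ip, _service, _status), n in failures.items():
            if user.rstrip("$").lower() == cn:
                result[dn][ip] += n
    return {dn: dict(counts) for dn, counts in result.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(sources_for_lockouts(SAMPLE_LOG))
```

Run against the full log.samba, the per-source counts separate the joining client's repeated NT_STATUS_WRONG_PASSWORD attempts from unrelated local failures such as the NT_STATUS_NO_SUCH_USER entry from 127.0.0.1.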