[Samba] samba4.8.x machine account authentication using NetJoinDomain failed

Rowland Penny rpenny at samba.org
Fri Sep 14 09:16:08 UTC 2018


On Fri, 14 Sep 2018 15:07:07 +0800 (CST)
Ryan via samba <samba at lists.samba.org> wrote:

> Hi all,
> I tried samba 4.8.3, 4.8.4 and 4.8.5 to build a domain. In the domain
> I firstly create a machine account and set its password. Then I get
> a computer that owns this machine account's name. I use the method
> NetJoinDomain to get this computer authenticated to the domain. It
> failed with returncode 1326. Besides, all the process above is
> available in samba 4.5.16. So does any default setting change from
> 4.5.x to 4.8.x? What can I do to make it work again? Hope for help~
> Here’s the smb.conf. I’ve tried to add  winbind offline logon = yes
> in the global section, but doesn’t work either.
> [global]
>         bind interfaces only = Yes
>         interfaces = 8.22.127.121 127.0.0.1
>         log file = /var/FusionAccess/LiteAD/log.samba
>         log level = 2
>         max log size = 15000
>         netbios name = SUSE-2
>         realm = 0904.HUAWEI.COM
>         server role = active directory domain controller
>         workgroup = 0904
>         'idmap_ldb:use rfc2307  = yes'
>  

Why are there single quotes around the line above?

The big one though is, your workgroup name is illegal.

If you go here:

https://support.microsoft.com/en-gb/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and

Under 'NetBIOS domain names'

You will find:

In Windows 2000 and in later versions of Windows, computers that are
members of an Active Directory domain cannot have names that are
composed completely of numbers. This restriction is because of DNS
restrictions. 

I think you may have been lucky that it worked previously, there has
recently been work to get this sort of thing to do what you need, try
again with 4.9.0, but lose the all numeric workgroup name ;-)

Rowland
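
A small pre-join check for the two points raised in the reply above, as an added example that is not part of the original message or of Samba: it flags quoted parameter lines and an all-numeric workgroup or netbios name in the [global] section. The names parse_global, lint and SAMPLE_SMB_CONF are hypothetical, and the sample input is constructed from the smb.conf quoted in the thread.

```python
import re

# Constructed sample: part of the [global] section as posted in the quoted message.
SAMPLE_SMB_CONF = """\
[global]
        netbios name = SUSE-2
        realm = 0904.HUAWEI.COM
        server role = active directory domain controller
        workgroup = 0904
        'idmap_ldb:use rfc2307  = yes'
"""

def parse_global(text):
    """Return ({normalised name: value}, [(lineno, line) that starts with a quote])."""
    params, quoted, section = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global":
            continue
        if line[0] in "'\"":                     # whole parameter wrapped in quotes
            quoted.append((lineno, line))
            continue
        name, sep, value = line.partition("=")   # only the first '=' is significant
        if sep:
            # smb.conf parameter names ignore case and embedded whitespace.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params, quoted

def lint(text):
    """Return a list of findings for the [global] section of an smb.conf."""
    params, quoted = parse_global(text)
    findings = [f"line {n}: parameter wrapped in quotes: {l}" for n, l in quoted]
    for key, label in (("workgroup", "workgroup"), ("netbiosname", "netbios name")):
        value = params.get(key, "")
        if re.fullmatch(r"[0-9]+", value):
            findings.append(f"{label} = {value}: name is composed completely of numbers")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_SMB_CONF):
        print(finding)
```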


