[Samba] samba4.8.x machine account authentication using NetJoinDomain failed

Ryan ryanyang51 at 163.com
Fri Sep 14 12:01:41 UTC 2018


Actually 0904.huawei.com is just one of my test domain. I also built domain naned vds.huawei.com.  Same problem exsts. Besides, samba 4.5.16 doesn't have this issue.
I still doubt that some setting changed, such as encrypt method permission... After all, the log renainds password is wrong.Do you have any other clue?


>On Fri, 14 Sep 2018 15:07:07 +0800 (CST)
>Ryan via samba <samba at lists.samba.org> wrote:
>
>> Hi all,
>> I tried samba 4.8.3, 4.8.4 and 4.8.5 to build a domain. In the domain
>> I firstly create a machine acconut and set it's password. Then I get
>> a computer that own this machine account's name. I use the mechod
>> NetJoinDomain to get this computer authencated to the domain. It
>> failed with returncode 1326. Besides, all the process above is
>> avaliable in samba 4.5.16. So does any default setting change from
>> 4.5.x to 4.8.x? What can I do to make it work again? Hope for help~
>> Here’s the smb.conf. I’ve tried to add  winbind offline logon = yes
>> in the global section, but doesn’t work either. [global] bind
>> interfaces only = Yes interfaces = 8.22.127.121 127.0.0.1 log file
>> = /var/FusionAccess/LiteAD/log.samba log level = 2 max log size =
>> 15000 netbios name = SUSE-2 realm = 0904.HUAWEI.COM
>>         server role = active directory domain controller
>>         workgroup = 0904
>>         'idmap_ldb:use rfc2307  = yes'
>>  
>
>Why are there single quotes around the line above ?
>
>The big one though is, your workgroup name is illegal.
>
>If you go here:
>
>https://support.microsoft.com/en-gb/help/909264/naming-conventions-in-active-directory-for-computers-domains-sites-and
>
>Under 'NetBIOS domain names'
>
>You will find:
>
>In Windows 2000 and in later versions of Windows, computers that are
>members of an Active Directory domain cannot have names that are
>composed completely of numbers. This restriction is because of DNS
>restrictions. 
>
>I think you may have been lucky that it worked previously, there has
>recently been work to get this sort of thing to do what you need, try
>again with 4.9.0, but lose the all numeric workgroup name ;-)
>
>Rowland
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list