[Samba] Unable to join domain by using NetJoinDomain on Windows

周永健 zhouyongjian1031 at gmail.com
Wed Apr 3 16:19:44 UTC 2019

I am using samba 4.9.3 to build a domain. And I have a Windows 7 virtual
machine to join the domain. However, I found it was fail when I used the
NetJoinDomain which is the C# Library on Windows.
 It was successfully on samba 4.7.12. I used the same method to join the
domain previously but it doesn’t work after I upgraded samba to 4.8 above.
The return code is 1326 which said that UNKNOWN USERNAME OR INCORRECT
Then I try to analyze the package I sent by Wireshark. I have found some
1. In samba 4.7.x, I also got error  "NT_STATUS_WRONG_PASSWORD" when I try
to add a machine to the domain. Then it seemed to change to another
procedure and read the group strategy. it was added to the domain.
2. For samba 4.9.x, when the error message "NT_STATUS_WRONG_PASSWORD"
happened, and it occured in many times which only occured only one time in
3. According to the online informations, I add a setting "server schannel =
auto" in samba's configuration file and try to add this machine to the
domain once again in samba 4.9.4.  Finnally, this virtual machine was added
to the domain successsfully.

My question is :
1. why is  samba able to change the authentication protocol when it failed
in samba 4.7.x but it isn't in 4.9.4.
2. After I set "server schannel = auto", it seems to be add to domain
successfully. Is that a proper way to add this setting in samba's config
file? Does it have a more correct way to solve this problem and offline
join the domain successfully?

Best Regards,

More information about the samba mailing list