[Samba] Unable to join domain by using NetJoinDomain on Windows

[周永健]

I am using samba 4.9.3 to build a domain. And I have a Windows 7 virtual
machine to join the domain. However, I found it was fail when I used the
NetJoinDomain which is the C# Library on Windows.
 It was successfully on samba 4.7.12. I used the same method to join the
domain previously but it doesn’t work after I upgraded samba to 4.8 above.
The return code is 1326 which said that UNKNOWN USERNAME OR INCORRECT
PASSWORD.
Then I try to analyze the package I sent by Wireshark. I have found some
hints.
1. In samba 4.7.x, I also got error  "NT_STATUS_WRONG_PASSWORD" when I try
to add a machine to the domain. Then it seemed to change to another
procedure and read the group strategy. it was added to the domain.
2. For samba 4.9.x, when the error message "NT_STATUS_WRONG_PASSWORD"
happened, and it occured in many times which only occured only one time in
4.7.x.
3. According to the online informations, I add a setting "server schannel =
auto" in samba's configuration file and try to add this machine to the
domain once again in samba 4.9.4.  Finnally, this virtual machine was added
to the domain successsfully.

My question is :
1. why is  samba able to change the authentication protocol when it failed
in samba 4.7.x but it isn't in 4.9.4.
2. After I set "server schannel = auto", it seems to be add to domain
successfully. Is that a proper way to add this setting in samba's config
file? Does it have a more correct way to solve this problem and offline
join the domain successfully?

Best Regards,
Joe