[Samba] Howto set/reset/reaad computer account password with samba-4.9.x examples?

Rowland Penny rpenny at samba.org
Wed Jan 16 22:19:41 UTC 2019


On Wed, 16 Jan 2019 22:03:29 +0100
Oliver Rath via samba <samba at lists.samba.org> wrote:

> Hi list,
> 
> I want to perform a domain join of a computer to a given machine
> account with reusing it, not overwriting. For this I think, it is the
> right way (for a unattend.xml) to use the <machinePassword> described
> here:
> https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-unattendedjoin-identification#child-elements
> 
> in the new feature list of samba 4.9.x is written "The 'samba-tool
> computer' command allow manipulation of computer accounts including
> creating a new computer and resetting the password. This allows an
> 'offline join' of a member server or workstation to the Samba AD
> domain."
> 
> Unfortunatly I dont find any example for
> 
>   * resetting the password (the "setpassword" from user command doesnt
>     work, maybe simply --password?)

It does work, did you forget the '$' on the end of the computer name ?

e.g. samba-tool user setpassword --filter=samaccountname=Computer$

I think you would need to use this with '--random-password'

>   * creating a computer with a given machine password (maybe simply
>     --password,too ?)

You cannot do that, you need to create the computer and then set the
password.

>   * reading the machine password from AD (there i found some old
> variant which didnt work, tested with Win81-clients)

I think you would have to export a keytab for the new computer, pass
this to the new computer and then kinit with this and then do the join
with kerberos.

Rowland




More information about the samba mailing list