[Samba] Howto set/reset/reaad computer account password with samba-4.9.x examples?

[Denis Cardon]

Hi Oliver,

Le 01/16/2019 à 10:03 PM, Oliver Rath via samba a écrit :
> Hi list,
>
> I want to perform a domain join of a computer to a given machine account
> with reusing it, not overwriting. For this I think, it is the right way
> (for a unattend.xml) to use the <machinePassword> described here:
> https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-unattendedjoin-identification#child-elements
>
> in the new feature list of samba 4.9.x is written "The 'samba-tool
> computer' command allow manipulation of computer accounts including
> creating a new computer and resetting the password. This allows an
> 'offline join' of a member server or workstation to the Samba AD domain."

There has been a thread on the samba-technical mailing list about 
djoin.exe et al. You may take a look at it :

https://lists.samba.org/archive/samba-technical/2019-January/132023.html

You'll need both a way to create/reset the account (and get the clear 
text shared secret), then re-inject it on the domain member in the 
secrets.tdb file.

Cheers,

Denis

>
> Unfortunatly I dont find any example for
>
>   * resetting the password (the "setpassword" from user command doesnt
>     work, maybe simply --password?)
>   * creating a computer with a given machine password (maybe simply
>     --password,too ?)
>   * reading the machine password from AD (there i found some old variant
>     which didnt work, tested with Win81-clients)
>   * perform an offline join with a previously given/read-from-ad machine
>     password
>
> Is this possible, some examples anywhere?
>
> Tfh!
>
> Oliver
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr