[Samba] Unable to Join Samba Domain: Password Error
Harald Hannelius
harald+samba at arcada.fi
Thu Sep 5 12:21:33 UTC 2019
I had the same problem. Check that "unix charset" matches on DC and Member
Server. Then joining worked again for me.
On Mon, 23 Apr 2018, David Stringfield via samba wrote:
> Hi all,
>
>
>
> I am attempting to join a Centos7 machine to a Samba NT4 domain. I have
> created an account on our OpenLDAP server and ensured it has the default
> password. However trying to join the domain is consistently throwing an
> error.
>
>
>
> From the machine that is trying to join the domain, I get this (edited for
> brevity):
>
> $~ net rpc join -U <user>%<passwd> -d 1 -I 192.168.70.XXX
>
> libnet_Join:
>
> libnet_JoinCtx: struct libnet_JoinCtx
>
> in: struct libnet_JoinCtx
>
> dc_name : NULL
>
> machine_name : ‘YYYY’'
>
> domain_name : *
>
> domain_name : 'XXXX’
>
> domain_name_type : JoinDomNameTypeUnknown (0)
>
> account_ou : NULL
>
> admin_account : 'root'
>
> admin_domain : NULL
>
> machine_password : NULL
>
> join_flags : 0x00000023 (35)
>
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>
> os_version : NULL
>
> os_name : NULL
>
> os_servicepack : NULL
>
> create_upn : 0x00 (0)
>
> upn : NULL
>
> modify_config : 0x00 (0)
>
> ads : NULL
>
> debug : 0x01 (1)
>
> use_kerberos : 0x00 (0)
>
> secure_channel_type : SEC_CHAN_WKSTA (2)
>
> desired_encryption_types : 0x0000001f (31)
>
> ../source3/rpc_client/cli_pipe.c:568: RPC fault code
> DCERPC_NCA_S_OP_RNG_ERROR received from host REMUS!
>
> libnet_Join:
>
> libnet_JoinCtx: struct libnet_JoinCtx
>
> out: struct libnet_JoinCtx
>
> account_name : NULL
>
> netbios_domain_name : 'WMA'
>
> dns_domain_name : NULL
>
> forest_name : NULL
>
> dn : NULL
>
> domain_sid : *
>
> domain_sid :
> S-1-5-21-121215118-3415587123-1071246906
>
> modified_config : 0x00 (0)
>
> error_string : 'Failed to set password for machine
> account (NT_STATUS_WRONG_PASSWORD)
>
> '
>
> domain_is_ad : 0x00 (0)
>
> set_encryption_types : 0x00000000 (0)
>
> result : WERR_INVALID_PASSWORD
>
>
>
>
>
> Viewing the log file on the samba server I see:
>
> [2018/04/23 15:29:52.633780, 0]
> rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
>
> _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client YYYY machine account YYYY$
>
> [2018/04/23 15:29:53.140584, 0] lib/charcnv.c:543(convert_string_talloc)
>
> Conversion error: Illegal multibyte sequence(▒▒lk▒▒▒1▒0`ã▒.▒t▒t▒:▒▒▒5)
>
> [2018/04/23 15:29:53.140759, 0]
> ../libcli/auth/smbencrypt.c:597(decode_pw_buffer)
>
> decode_pw_buffer: failed to convert incoming password
>
>
>
> It appears to be something with the encryption/coding but I just can’t
> figure out what, I’ve had little help from googling most of the errors.
>
>
>
> Thanks,
>
> David
>
>
--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
More information about the samba
mailing list