[Samba] Join DC has failed with error: NT_STATUS_PASSWORD_RESTRICTION

Andrew Bartlett abartlet at samba.org
Sun Sep 22 20:22:50 UTC 2019


On Sun, 2019-09-22 at 19:23 +0100, Rowland penny via samba wrote:
> On 22/09/2019 19:05, tomek82 via samba wrote:
> >   Hi,
> > 
> > I've joined samba DC to existing windows domain using:
> 
> You say 'existing windows domain', but what is the Windows domain ?
> > 
> > samba-tool domain join ***.** DC -U"***\admin" --dns-
> > backend=BIND9_DLZ
> > 
> > It has stopped on
> > 
> > Adding DNS account CN=dns-DC...
> > 
> > with the below error.
> > 
> > ERROR(runtime): uncaught exception - (-1073741716, 'SetUserInfo2
> > level 26 for [dns-DC] failed: NT_STATUS_PASSWORD_RESTRICTION')
> 
> This would seem to mean the password isn't complex enough, but the 
> password should be random, so is the Windows domain set to have 
> extremely complex passwords ?

Samba doesn't implement it, but I was reading the MS-SAMR spec last
week and there is a maximum password length.  That might be causing the
trouble.

The dns-* account is created as a 'normal' account, so password
restrictions apply (unlike machine accounts used for the DC).

Andrew Bartlett
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba






More information about the samba mailing list