[Samba] Join DC has failed with error: NT_STATUS_PASSWORD_RESTRICTION
Andrew Bartlett
abartlet at samba.org
Sun Sep 22 20:22:50 UTC 2019
On Sun, 2019-09-22 at 19:23 +0100, Rowland penny via samba wrote:
> On 22/09/2019 19:05, tomek82 via samba wrote:
> > Hi,
> >
> > I've joined samba DC to existing windows domain using:
>
> You say 'existing windows domain', but what is the Windows domain ?
> >
> > samba-tool domain join ***.** DC -U"***\admin" --dns-
> > backend=BIND9_DLZ
> >
> > It has stopped on
> >
> > Adding DNS account CN=dns-DC...
> >
> > with the below error.
> >
> > ERROR(runtime): uncaught exception - (-1073741716, 'SetUserInfo2
> > level 26 for [dns-DC] failed: NT_STATUS_PASSWORD_RESTRICTION')
>
> This would seem to mean the password isn't complex enough, but the
> password should be random, so is the Windows domain set to have
> extremely complex passwords ?
Samba doesn't implement it, but I was reading the MS-SAMR spec last
week and there is a maximum password length. That might be causing the
trouble.
The dns-* account is created as a 'normal' account, so password
restrictions apply (unlike machine accounts used for the DC).
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list