[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'

Rowland penny rpenny at samba.org
Fri Feb 14 20:27:58 UTC 2020

On 14/02/2020 20:03, Andrew Bartlett via samba wrote:
> On Fri, 2020-02-14 at 12:47 -0700, Rick Hollinbeck via samba wrote:
>> Dug deeper (i.e. into the source code)... no answer yet.
>> The samba join process is failing when fetching the domain's machine password
>> from the secrets.tdb database, which presumably it has just built as part of the JOIN..
>> Specifically, it is looking for an entry: "SECRETS/$MACHINE.ACC/OFFICE" in secrets.tdb.
> I'm really sorry for this red herring.  We are actually hoping for the
> reverse.
> The hope is that this fails, because this means we are not successfully
> joined to this domain already (we use the password to connect, if we
> connect successfully we fail).
> This was added to prevent administrators accidentally re-joining
> existing, fully functional DCs to the domain, and so triggering a
> replication flush around a potentially quite large domain.
> Sadly it triggers debug messages because it is using the code
> 'backwards'  and this would normally be a problem.
> Your error is later than this.
> Sorry,
> Andrew Bartlett
Andrew, has the code change ? (if so, I must have missed it and cannot 
find where), it used to print 'Join failed - cleaning up', then go on 
about the password.

I feel sure this is because the Windows domain was based on the pre 2008 DNS

Could the entire DomainDnsZones & ForestDnsZones objects be removed and 
then recreated (correctly) with samba_upgradedns ????


More information about the samba mailing list