[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
Rowland penny
rpenny at samba.org
Fri Feb 14 20:27:58 UTC 2020
On 14/02/2020 20:03, Andrew Bartlett via samba wrote:
> On Fri, 2020-02-14 at 12:47 -0700, Rick Hollinbeck via samba wrote:
>> Dug deeper (i.e. into the source code)... no answer yet.
>>
>> The samba join process is failing when fetching the domain's machine password
>> from the secrets.tdb database, which presumably it has just built as part of the JOIN..
>>
>> Specifically, it is looking for an entry: "SECRETS/$MACHINE.ACC/OFFICE" in secrets.tdb.
> I'm really sorry for this red herring. We are actually hoping for the
> reverse.
>
> The hope is that this fails, because this means we are not successfully
> joined to this domain already (we use the password to connect, if we
> connect successfully we fail).
>
> This was added to prevent administrators accidentally re-joining
> existing, fully functional DCs to the domain, and so triggering a
> replication flush around a potentially quite large domain.
>
> Sadly it triggers debug messages because it is using the code
> 'backwards' and this would normally be a problem.
>
> Your error is later than this.
>
> Sorry,
>
> Andrew Bartlett
>
Andrew, has the code change ? (if so, I must have missed it and cannot
find where), it used to print 'Join failed - cleaning up', then go on
about the password.
I feel sure this is because the Windows domain was based on the pre 2008 DNS
Could the entire DomainDnsZones & ForestDnsZones objects be removed and
then recreated (correctly) with samba_upgradedns ????
Rowland
More information about the samba
mailing list