[Samba] help for join AD domain failure troubleshooting
Andrew Bartlett
abartlet at samba.org
Thu Jul 2 01:11:57 UTC 2020
On Thu, 2020-07-02 at 05:44 +0800, rong zhao wrote:
> Thank you @Rowland,
>
> I tried the new smb.conf file, still no luck with the same error
> message, I also reboot Linux and try too.
>
> -------
> Failed to join domain: Failed to set machine spn: Operations error
> Do you have sufficient permissions to create machine accounts?
> return code = -1
> Freed frame ../../source3/utils/net.c:942, expected
> ../../source3/libnet/libnet_join.c:506.
> -------
>
> Thank you @Andrew,
>
> We never modified the "10" limit before, it really worked (maybe when
> Ada is lad)... but about 2 months ago, it suddenly broke.
This was never implemented in Samba, sorry.
> I am
> suspecting somebody modified security options on AD servers in our
> team, but nobody claimed that, so we have to try to figure it out
> painfully :(
My guess is you used a more privileged account in the past.
Some folks delegate rights on an OU, but I've never convinced myself
that is safe either.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list