[Samba] net ads join fail with Password exceeds maximum length allowed for crypt() hashing

Kees van Vloten keesvanvloten at gmail.com
Fri Dec 31 16:32:45 UTC 2021

Hi Samba-team,

I am try to join a machine to my samba4 domain, unfortunately there is 
no way to get it done:

net ads join --no-dns-updates -v -U domain_join_user
ads_print_error: AD LDAP ERROR: 1 (Operations error): 00002020: 
setup_primary_userPassword: generation of a CryptSHA512 password hash 
failed: (Password exceeds maximum length allowed for crypt() hashing)
Failed to join domain: Failed to set password for machine account 

This looks like a bug, should I file one?
Is there a way to workaround this issue?

As an additional "feature" the preprovisioned computer-account is 
removed and hence a next request always fails. I understand this happens 
when the join creates the account but it is illogical behavior with 
pre-provisioned accounts. Is there a way to avoid this?

- Kees

More information about the samba mailing list